API, CLI, SDK & Automation

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Oracle Instant client 21.10 - detected for ZLIB vulnerability CVE-2022-37434 (critical)

user-ozj3fMay 11 2023

The latest version of instantclient-basiclite-windows.x64-21.10.0.0 (especially the file oraociicus.dll) is detected for presence of Zlib 1.2.11 containing critical vulnerabilities CVE-2022-37434, CVE-2018-25032. We would need to whether this package is vulnerable (affected) or not.

Many thanks

Regards

#security, #vulnerability

Added on May 11 2023

0 comments

797 views