SB2017060115 - Denial of service in zlib (Alpine package)
Published: June 1, 2017 Updated: February 27, 2025
Security Bulletin ID
SB2017060115
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Denial of service (CVE-ID: CVE-2016-9841)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in zlib due to out-of-bounds pointer arithmetic in inftrees.c. A remote attacker can cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=655e1b330491f425fa03eea4ac25bbbf3f29c2df
- https://git.alpinelinux.org/aports/commit/?id=7e4d736879a3ca05e4c26194fdfebe0a27b26f9c
- https://git.alpinelinux.org/aports/commit/?id=852b09befcff3346184cfa94f712d6a2f85f10f7
- https://git.alpinelinux.org/aports/commit/?id=6d398ff0e70f7a9b420319047051b4d7c7e42f17
- https://git.alpinelinux.org/aports/commit/?id=7b52a76dd3513db686d4937fbc144f188ef101fa