The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
Computer vulnerabilities of Kubernetes
zlib: five vulnerabilities
Synthesis of the vulnerability
An attacker can exploit several vulnerabilities in zlib.
Impacted products: iOS by Apple, iPhone, Mac OS X, AIX, DB2 UDB, MQSeries, SPSS Statistics, Kubernetes, Domino, Notes, Java OpenJDK, openSUSE, openSUSE Leap, Java Oracle, Solaris, Python, RHEL, SUSE Linux Enterprise Desktop, SLES, zlib.
Creation date: 05/12/2016.
Identifiers: 1997877, 2001520, 2003212, 2004735, 2005160, 2005255, 2006014, 2006017, 2007242, 2010282, 2011648, 2014202, APPLE-SA-2017-09-19-1, APPLE-SA-2017-09-25-1, APPLE-SA-2017-09-25-4, bulletinapr2017, cpuoct2017, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, HT208144, openSUSE-SU-2016:3202-1, openSUSE-SU-2017:0077-1, openSUSE-SU-2017:0080-1, openSUSE-SU-2017:2998-1, openSUSE-SU-2018:0042-1, RHSA-2017:1220-01, RHSA-2017:1221-01, RHSA-2017:1222-01, RHSA-2017:2999-01, RHSA-2017:3046-01, RHSA-2017:3047-01, SUSE-SU-2017:1384-1, SUSE-SU-2017:1386-1, SUSE-SU-2017:1387-1, SUSE-SU-2017:1444-1, SUSE-SU-2017:2989-1, SUSE-SU-2017:3369-1, SUSE-SU-2017:3411-1, SUSE-SU-2017:3440-1, SUSE-SU-2017:3455-1, SUSE-SU-2018:0005-1, VIGILANCE-VUL-21262.
Description of the vulnerability
Several vulnerabilities were announced in zlib.
An attacker can trigger a memory corruption via Deflate External Linkage, in order to cause a denial of service, and possibly to run code. [severity:2/4]
A pointer error may have a consequence. [severity:1/4]
An attacker can force a read at an invalid address via inftrees.c, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-9840, CVE-2016-9841]
Shifting a negative number is undefined behavior. [severity:1/4; CVE-2016-9842]
An attacker can force a read at an invalid address via Big-endian Pointer, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-9843]