CVE-2016-9840

Published: 23 May 2017

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Priority

Low

CVSS 3 base score: 8.8

Status

Package / Release: Status

rsync
Launchpad, Ubuntu, Debian
Upstream: Needs triage
Ubuntu 20.10 (Groovy Gorilla): Released (3.1.3-6)
Ubuntu 20.04 LTS (Focal Fossa): Released (3.1.3-6)
Ubuntu 18.04 LTS (Bionic Beaver): Released (3.1.2-2.1ubuntu1.1)
Ubuntu 16.04 LTS (Xenial Xerus): Released (3.1.1-3ubuntu1.3)
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (code not present)

zlib
Launchpad, Ubuntu, Debian
Upstream: Needs triage
Ubuntu 20.10 (Groovy Gorilla): Not vulnerable (1:1.2.11.dfsg-0ubuntu2)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (1:1.2.11.dfsg-0ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable (1:1.2.11.dfsg-0ubuntu2)
Ubuntu 16.04 LTS (Xenial Xerus): Released (1:1.2.8.dfsg-2ubuntu4.3)
Ubuntu 14.04 ESM (Trusty Tahr): Needed

Patches:
Upstream: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0