CVE-2016-9843

NameCVE-2016-9843
DescriptionThe crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh (attack range: remote)
Debian Bugs847275

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
zlib (PTS)wheezy1:1.2.7.dfsg-13vulnerable
jessie1:1.2.8.dfsg-2vulnerable
buster, sid, stretch1:1.2.8.dfsg-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
zlibsource(unstable)1:1.2.8.dfsg-3high847275

Notes

[jessie] - zlib <no-dsa> (Minor issue)
[wheezy] - zlib <no-dsa> (Minor issue)
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
Search for package or bug name: Reporting problems