Description
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
A vulnerability was discovered in the inftrees.c file of zlib. Its pointer arithmetic violates the C standard: an offset is subtracted from an array pointer, producing a pointer that lies before the array's allocated memory, which is undefined behavior.
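The pointer pattern described above, shown next to a well-defined equivalent. This is an added, generalized illustration and not zlib's code; the table contents, the bias value 257 and the function names are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

#define FIRST_SYM 257u   /* constructed value: first symbol with a table entry */
#define NUM_ENTRIES 4u

/* Constructed sample table; entry 0 belongs to symbol FIRST_SYM. */
static const unsigned short sample_base[NUM_ENTRIES] = {3, 4, 5, 6};

/* Undefined pattern, shown for contrast and never called here. C only allows
 * pointers into an array or one past its end, so forming table - FIRST_SYM is
 * undefined even though biased[sym] with sym >= FIRST_SYM would land back
 * inside the array. */
unsigned short lookup_biased(const unsigned short *table, unsigned sym)
{
    const unsigned short *biased = table - FIRST_SYM;  /* undefined behavior */
    return biased[sym];
}

/* Well-defined form: the pointer stays at the array start and the bias is
 * applied to the index after a range check.
 * Returns 0 and stores the entry in *out, or -1 if sym has no entry. */
int lookup_checked(const unsigned short *table, size_t entries,
                   unsigned sym, unsigned short *out)
{
    if (sym < FIRST_SYM || (size_t)(sym - FIRST_SYM) >= entries)
        return -1;
    *out = table[sym - FIRST_SYM];
    return 0;
}

int main(void)
{
    unsigned short v;
    /* Walk one symbol below and one above the valid range. */
    for (unsigned sym = FIRST_SYM - 1; sym <= FIRST_SYM + NUM_ENTRIES; sym++) {
        if (lookup_checked(sample_base, NUM_ENTRIES, sym, &v) == 0)
            printf("sym %u -> %u\n", sym, (unsigned)v);
        else
            printf("sym %u -> out of range\n", sym);
    }
    return 0;
}
```

Building with `-fsanitize=undefined` is one way to surface out-of-bounds pointer arithmetic like `lookup_biased` during testing, although coverage of this exact case varies by compiler.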
Report
While this undefined behavior does not currently manifest as an exploitable issue on Red Hat Enterprise Linux systems using GCC compilers, it could become problematic with future compiler implementations. This flaw affects various Java packages in Red Hat Enterprise Linux 6 and 7, but native zlib packages in Red Hat Enterprise Linux are not impacted due to the specific compiler implementation used.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | rsync | Not affected | | |
Red Hat Enterprise Linux 5 | zlib | Not affected | | |
Red Hat Enterprise Linux 6 | zlib | Not affected | | |
Red Hat Enterprise Linux 9 | rsync | Not affected | | |
Red Hat JBoss Enterprise Application Platform 5 | zlib | Not affected | | |
Red Hat JBoss Enterprise Application Platform 6 | zlib | Not affected | | |
Red Hat JBoss Enterprise Web Server 1 | zlib | Not affected | | |
Red Hat JBoss Enterprise Web Server 2 | zlib | Not affected | | |
Red Hat JBoss Enterprise Web Server 3 | zlib | Not affected | | |
Oracle Java for Red Hat Enterprise Linux 6 | java-1.8.0-oracle | Fixed | RHSA-2017:2999 | 23.10.2017 |
Additional information
Status:
EPSS
CVSS3: 8.8 High
CVSS2: 4.3 Medium