PT-2017-2599 · Zlib+8
Published 2016-12-21 · Updated 2026-03-10 · CVE-2016-9843
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
zlib versions 1.2.8 and earlier
MySQL Server versions 5.5.61 and earlier, 5.6.41 and earlier, 5.7.23 and earlier, 8.0.12 and earlier
Description
The issue stems from incorrect handling of values in the crc32_big function of the zlib library, which may allow attackers to affect the confidentiality, integrity, and availability of protected information during big-endian CRC calculation. A remote attacker can exploit this to cause a denial of service, potentially leading to a hang or crash of the MySQL Server. The vulnerability can be triggered by persuading a victim to open a specially crafted document.
Recommendations
For zlib version 1.2.8 and earlier, consider disabling the crc32_big function until a patch is available.
For MySQL Server versions 5.5.61 and earlier, 5.6.41 and earlier, 5.7.23 and earlier, and 8.0.12 and earlier, update to a version that includes the fix for the zlib vulnerability.
As a temporary workaround, restrict access to the zlib library to minimize the risk of exploitation.
Exploit
Fix
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
IBM AIX
Linux Mint
MariaDB Server
MySQL Server
Red Hat
SUSE
Ubuntu
zlib