BSA-2017-336
21402
08 September 2017
23 June 2017
Closed
Low
3.3
N/A
CVE-2016-9843
Summary
Security Advisory ID : BSA-2017-336
Component : zlib
Revision : 2.0: Interim
There was a small optimization for PowerPCs to pre-increment a pointer when accessing a word, instead of post-incrementing. This required prefacing the loop with a decrement of the pointer, possibly pointing before the object passed. This is not compliant with the C standard, for which decrementing a pointer before its allocated memory is undefined. When tested on a modern PowerPC with a modern compiler, the optimization no longer has any effect.
Affected ProductsProduct | Current Assessment |
---|---|
Brocade Virtual Web Application Firewall | Impacted: Upgrade to 4.9-42756. |
Brocade Fabric OS, Brocade FastIron OS, Brocade NetIron OS, Brocade Network Advisor, Brocade ServerIronADX, Brocade SLX-OS, and Brocade Virtual ADX are confirmed not affected by this vulnerability.
WorkaroundThere are no workarounds that address this vulnerability.
Revision History
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | June 23, 2017 |
2.0 | Updated to address BNA | September 8, 2017 |