Erwin Data Modeler - The vulnerabilities using zlib 1.2.8 and 1.2.11, CVE-2016-9843;CVE-2016-9842 and CVE-2022-37434 (4369860)

Erwin Data Modeler - The vulnerabilities using zlib 1.2.8 and 1.2.11, CVE-2016-9843;CVE-2016-9842 and CVE-2022-37434

Erwin Data Modeler - The vulnerabilities using zlib 1.2.8 and 1.2.11,
CVE-2016-9843
CVE-2016-9842
CVE-2016-9841
CVE-2022-37434

Versions affected by above Vulnerabilities
r12.1 SP1 GA29259 (64-bit)
r12.1 GA 29174 (64-bit)
r12.0 GA 28917 (64-bit)
r2021R1_23459(64 bit)
r2020R2.14677(64 bit)

Erwin Data Modeler installs Open source Software (OSS) using Zlib 1.2.8 
https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=zlib&queryType=phrase&search_type=all&isCpeNameSearch=false

 

For versions:
r12.1 GA 29174 (64-bit)
r12.0 GA 28917 (64-bit)
r2021R1_23459(64 bit)
r2020R2.14677(64 bit)

Please apply patch HERE

Steps to replace new DLL file :

1.    Install any one of the above-mentioned DM build
2.    Open installation folder “C:\Program Files\erwin\Data Modeler r9”
3.    Replace “zlib128.dll” file with the latest version library attached here
4.    Launch Erwin instance (Erwin instance should be closed before replacing the dll if it is opened)

Click To See Full Image.

For 12.1 SP1 GA build Build 29259 (64-bit). In addition to above solution, Please also replace zlib1.dll in same directory with This one