Erwin Data Modeler - The vulnerabilities using zlib 1.2.8 and 1.2.11, CVE-2016-9843;CVE-2016-9842 and CVE-2022-37434 (4369860)

Chat now with support

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

Erwin Data Modeler - The vulnerabilities using zlib 1.2.8 and 1.2.11, CVE-2016-9843;CVE-2016-9842 and CVE-2022-37434
Description

Erwin Data Modeler - The vulnerabilities using zlib 1.2.8 and 1.2.11,
CVE-2016-9843
CVE-2016-9842
CVE-2016-9841
CVE-2022-37434

Versions affected by above Vulnerabilities
r12.1 SP1 GA29259 (64-bit)
r12.1 GA 29174 (64-bit)
r12.0 GA 28917 (64-bit)
r2021R1_23459(64 bit)
r2020R2.14677(64 bit)
Cause

Erwin Data Modeler installs Open source Software (OSS) using Zlib 1.2.8
https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=zlib&queryType=phrase&search_type=all&isCpeNameSearch=false
Resolution

For versions:
r12.1 GA 29174 (64-bit)
r12.0 GA 28917 (64-bit)
r2021R1_23459(64 bit)
r2020R2.14677(64 bit)

Please apply patch HERE

Steps to replace new DLL file :

1.   Install any one of the above-mentioned DM build
2.   Open installation folder “C:\Program Files\erwin\Data Modeler r9”
3.   Replace “zlib128.dll” file with the latest version library attached here
4.   Launch Erwin instance (Erwin instance should be closed before replacing the dll if it is opened)

For 12.1 SP1 GA build Build 29259 (64-bit). In addition to above solution, Please also replace zlib1.dll in same directory with This one

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title