CVE-2016-9840

Severity: High (CVSS 3.1 base score 8.8)
EPSS: 90.9%
Published: May 23, 2017
Last Modified: Jun 17, 2026

Description

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

CVSS Details

Base Score: 8.8
Exploitability: 2.8
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 90.9% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Affected Products (37)

Vendor     Product                           Version   Range
boost      boost                             *         <1.78.0
zlib       zlib                              *         ≥1.2.0.6 – <1.2.9
opensuse   leap                              42.1      any
opensuse   leap                              42.2      any
opensuse   opensuse                          13.2      any
debian     debian_linux                      8.0       any
canonical  ubuntu_linux                      16.04     any
canonical  ubuntu_linux                      18.04     any
oracle     database_server                   18c       any
oracle     jdk                               1.6.0     any
oracle     jdk                               1.7.0     any
oracle     jdk                               1.8.0     any
oracle     jre                               1.6.0     any
oracle     jre                               1.7.0     any
oracle     jre                               1.8.0     any
oracle     mysql                             *         ≥5.5.0 – ≤5.5.61
oracle     mysql                             *         ≥5.6.0 – ≤5.6.41
oracle     mysql                             *         ≥5.7.0 – ≤5.7.23
oracle     mysql                             *         ≥8.0.0 – ≤8.0.12
redhat     satellite                         5.8       any
redhat     enterprise_linux_desktop          6.0       any
redhat     enterprise_linux_desktop          7.0       any
redhat     enterprise_linux_eus              7.4       any
redhat     enterprise_linux_eus              7.5       any
redhat     enterprise_linux_server           6.0       any
redhat     enterprise_linux_server           7.0       any
redhat     enterprise_linux_workstation      6.0       any
redhat     enterprise_linux_workstation      7.0       any
apple      iphone_os                         *         <11
apple      mac_os_x                          *         ≥10.0.0 – <10.13.0
apple      tvos                              *         <11.0
apple      watchos                           *         <4
nodejs     node.js                           *         ≥4.0.0 – ≤4.1.2
nodejs     node.js                           *         ≥4.2.0 – <4.8.2
nodejs     node.js                           *         ≥6.0.0 – ≤6.8.1
nodejs     node.js                           *         ≥6.9.0 – <6.10.2
nodejs     node.js                           *         ≥7.0.0 – <7.6.0

References (30)

  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
    Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
    Third Party Advisory
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
    Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2016/12/05/21
    Mailing List, Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
    Third Party Advisory
  • oracle.com http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
    Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/95131
    Broken Link
  • securitytracker.com http://www.securitytracker.com/id/1039427
    Broken Link
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:1220
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:1221
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:1222
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:2999
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:3046
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:3047
    Third Party Advisory
  • access.redhat.com https://access.redhat.com/errata/RHSA-2017:3453
    Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1402345
    Issue Tracking, Third Party Advisory
  • github.com https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
    Patch, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
    Mailing List, Third Party Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
    Mailing List, Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201701-56
    Third Party Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/202007-54
    Third Party Advisory
  • support.apple.com https://support.apple.com/HT208112
    Third Party Advisory
  • support.apple.com https://support.apple.com/HT208113
    Third Party Advisory
  • support.apple.com https://support.apple.com/HT208115
    Third Party Advisory
  • support.apple.com https://support.apple.com/HT208144
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4246-1/
    Third Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/4292-1/
    Third Party Advisory
  • wiki.mozilla.org https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
    Third Party Advisory
  • wiki.mozilla.org https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
    Broken Link
  • oracle.com https://www.oracle.com/security-alerts/cpujul2020.html
    Third Party Advisory

Remediation

  • github.com https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
    Patch, Third Party Advisory