CVE-2016-9841

CRITICAL EPSS 93.7%
Published May 23, 2017 (9y ago) · Modified Jun 17, 2026 (2w ago)
9.8 CVSS 3.1
Critical

Description

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

CVSS Details

Base Score: 9.8
Exploitability: 3.9
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 93.7% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Affected Products 62

| Vendor | Product | Version | Range |
|---|---|---|---|
| zlib | zlib | * | ≥1.2.0 – <1.2.9 |
| opensuse | leap | 42.1 | any |
| opensuse | leap | 42.2 | any |
| opensuse | opensuse | 13.2 | any |
| debian | debian_linux | 8.0 | any |
| canonical | ubuntu_linux | 16.04 | any |
| canonical | ubuntu_linux | 18.04 | any |
| oracle | database_server | 18c | any |
| oracle | jdk | 1.6.0 | any |
| oracle | jdk | 1.7.0 | any |
| oracle | jdk | 1.8.0 | any |
| oracle | jre | 1.6.0 | any |
| oracle | jre | 1.7.0 | any |
| oracle | jre | 1.8.0 | any |
| oracle | mysql | * | ≥5.5.0 – ≤5.5.61 |
| oracle | mysql | * | ≥5.6.0 – ≤5.6.41 |
| oracle | mysql | * | ≥5.7.0 – ≤5.7.23 |
| oracle | mysql | * | ≥8.0.0 – ≤8.0.12 |
| redhat | satellite | 5.8 | any |
| redhat | enterprise_linux_desktop | 6.0 | any |
| redhat | enterprise_linux_desktop | 7.0 | any |
| redhat | enterprise_linux_eus | 7.4 | any |
| redhat | enterprise_linux_eus | 7.5 | any |
| redhat | enterprise_linux_server | 6.0 | any |
| redhat | enterprise_linux_server | 7.0 | any |
| redhat | enterprise_linux_workstation | 6.0 | any |
| redhat | enterprise_linux_workstation | 7.0 | any |
| apple | iphone_os | * | <11 |
| apple | mac_os_x | * | ≥10.0.0 – <10.13.0 |
| apple | tvos | * | <11.0 |
| apple | watchos | * | <4 |
| netapp | active_iq_unified_manager | * | ≥7.3 |
| netapp | active_iq_unified_manager | * | ≥9.5 |
| netapp | cloud_backup | * | any |
| netapp | e-series_santricity_management | * | any |
| netapp | e-series_santricity_management | * | any |
| netapp | e-series_santricity_management | * | any |
| netapp | e-series_santricity_os_controller | * | ≥11.0.0 – ≤11.70.1 |
| netapp | e-series_santricity_storage_manager | * | any |
| netapp | e-series_santricity_web_services | * | any |
| netapp | oncommand_balance | * | any |
| netapp | oncommand_insight | * | any |
| netapp | oncommand_performance_manager | * | any |
| netapp | oncommand_shift | * | any |
| netapp | oncommand_unified_manager | * | ≤7.1 |
| netapp | oncommand_unified_manager | * | ≤7.1 |
| netapp | oncommand_unified_manager | * | any |
| netapp | oncommand_workflow_automation | * | any |
| netapp | snapmanager | * | any |
| netapp | snapmanager | * | any |
| netapp | solidfire | * | any |
| netapp | steelstore_cloud_integrated_storage | * | any |
| netapp | storage_replication_adapter_for_clustered_data_ontap | * | any |
| netapp | symantec_netbackup | * | any |
| netapp | vasa_provider_for_clustered_data_ontap | * | ≥7.2 |
| netapp | virtual_storage_console | * | any |
| netapp | hci_storage_node | * | any |
| nodejs | node.js | * | ≥4.0.0 – ≤4.1.2 |
| nodejs | node.js | * | ≥4.2.0 – <4.8.2 |
| nodejs | node.js | * | ≥6.0.0 – ≤6.8.1 |
| nodejs | node.js | * | ≥6.9.0 – <6.10.2 |
| nodejs | node.js | * | ≥7.0.0 – <7.6.0 |

References 33

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.