CVE-2016-9842

Severity: High (CVSS 3.1 base score 8.8)
EPSS: 91.4%
Published May 23, 2017 · Last Modified Jun 17, 2026

Description

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

CVSS Details

Base Score: 8.8
Exploitability: 2.8
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 91.4% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses (1)

CWE-1335: Incorrect Bitwise Shift of Integer

Affected Products (36)

Vendor | Product | Version | Range
zlib | zlib | * | ≥1.2.3.4 – <1.2.9
opensuse | leap | 42.1 | any
opensuse | leap | 42.2 | any
opensuse | opensuse | 13.2 | any
debian | debian_linux | 8.0 | any
canonical | ubuntu_linux | 16.04 | any
canonical | ubuntu_linux | 18.04 | any
oracle | database_server | 18c | any
oracle | jdk | 1.6.0 | any
oracle | jdk | 1.7.0 | any
oracle | jdk | 1.8.0 | any
oracle | jre | 1.6.0 | any
oracle | jre | 1.7.0 | any
oracle | jre | 1.8.0 | any
oracle | mysql | * | ≥5.5.0 – ≤5.5.61
oracle | mysql | * | ≥5.6.0 – ≤5.6.41
oracle | mysql | * | ≥5.7.0 – ≤5.7.23
oracle | mysql | * | ≥8.0.0 – ≤8.0.12
redhat | satellite | 5.8 | any
redhat | enterprise_linux_desktop | 6.0 | any
redhat | enterprise_linux_desktop | 7.0 | any
redhat | enterprise_linux_eus | 7.4 | any
redhat | enterprise_linux_eus | 7.5 | any
redhat | enterprise_linux_server | 6.0 | any
redhat | enterprise_linux_server | 7.0 | any
redhat | enterprise_linux_workstation | 6.0 | any
redhat | enterprise_linux_workstation | 7.0 | any
apple | iphone_os | * | <11
apple | mac_os_x | * | ≥10.0.0 – <10.13.0
apple | tvos | * | <11.0
apple | watchos | * | <4
nodejs | node.js | * | ≥4.0.0 – ≤4.1.2
nodejs | node.js | * | ≥4.2.0 – <4.8.2
nodejs | node.js | * | ≥6.0.0 – ≤6.8.1
nodejs | node.js | * | ≥6.9.0 – <6.10.2
nodejs | node.js | * | ≥7.0.0 – <7.6.0

References (30)

  • http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html (Broken Link)
  • http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html (Broken Link)
  • http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html (Broken Link)
  • http://www.openwall.com/lists/oss-security/2016/12/05/21 (Mailing List, Patch)
  • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html (Third Party Advisory)
  • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html (Third Party Advisory)
  • http://www.securityfocus.com/bid/95131 (Broken Link, Third Party Advisory, VDB Entry)
  • http://www.securitytracker.com/id/1039427 (Broken Link, Third Party Advisory, VDB Entry)
  • https://access.redhat.com/errata/RHSA-2017:1220 (Third Party Advisory)
  • https://access.redhat.com/errata/RHSA-2017:1221 (Third Party Advisory)
  • https://access.redhat.com/errata/RHSA-2017:1222 (Third Party Advisory)
  • https://access.redhat.com/errata/RHSA-2017:2999 (Third Party Advisory)
  • https://access.redhat.com/errata/RHSA-2017:3046 (Third Party Advisory)
  • https://access.redhat.com/errata/RHSA-2017:3047 (Third Party Advisory)
  • https://access.redhat.com/errata/RHSA-2017:3453 (Third Party Advisory)
  • https://bugzilla.redhat.com/show_bug.cgi?id=1402348 (Issue Tracking, Patch)
  • https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958 (Patch)
  • https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html (Mailing List, Third Party Advisory)
  • https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html (Mailing List, Third Party Advisory)
  • https://security.gentoo.org/glsa/201701-56 (Third Party Advisory)
  • https://security.gentoo.org/glsa/202007-54 (Third Party Advisory)
  • https://support.apple.com/HT208112 (Third Party Advisory)
  • https://support.apple.com/HT208113 (Third Party Advisory)
  • https://support.apple.com/HT208115 (Third Party Advisory)
  • https://support.apple.com/HT208144 (Third Party Advisory)
  • https://usn.ubuntu.com/4246-1/ (Third Party Advisory)
  • https://usn.ubuntu.com/4292-1/ (Third Party Advisory)
  • https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib (Third Party Advisory)
  • https://wiki.mozilla.org/images/0/09/Zlib-report.pdf (Third Party Advisory)
  • https://www.oracle.com/security-alerts/cpujul2020.html (Third Party Advisory)

Remediation

  • http://www.openwall.com/lists/oss-security/2016/12/05/21 (Mailing List, Patch)
  • https://bugzilla.redhat.com/show_bug.cgi?id=1402348 (Issue Tracking, Patch)
  • https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958 (Patch)