CVE-2016-9843

CRITICAL EPSS 92.4%
Published May 23, 2017 (9y ago) · Modified Jun 17, 2026 (2w ago)
9.8 CVSS 3.1
Critical

Description

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

CVSS Details

Base Score: 9.8
Exploitability: 3.9
Impact: 5.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 92.4% percentile
Exploit & Patch Status: No Known Exploit; No Patch Available

Affected Products 46

Vendor      Product                        Version  Range
zlib        zlib                           *        ≥1.2.0 – <1.2.9
opensuse    leap                           42.1     any
opensuse    leap                           42.2     any
opensuse    opensuse                       13.2     any
debian      debian_linux                   8.0      any
canonical   ubuntu_linux                   16.04    any
canonical   ubuntu_linux                   18.04    any
oracle      database_server                18c      any
oracle      jdk                            1.6.0    any
oracle      jdk                            1.7.0    any
oracle      jdk                            1.8.0    any
oracle      jre                            1.6.0    any
oracle      jre                            1.7.0    any
oracle      jre                            1.8.0    any
oracle      mysql                          *        ≥5.5.0 – ≤5.5.61
oracle      mysql                          *        ≥5.6.0 – ≤5.6.41
oracle      mysql                          *        ≥5.7.0 – ≤5.7.23
oracle      mysql                          *        ≥8.0.0 – ≤8.0.12
redhat      satellite                      5.8      any
redhat      enterprise_linux_desktop       6.0      any
redhat      enterprise_linux_desktop       7.0      any
redhat      enterprise_linux_eus           7.4      any
redhat      enterprise_linux_eus           7.5      any
redhat      enterprise_linux_server        6.0      any
redhat      enterprise_linux_server        7.0      any
redhat      enterprise_linux_workstation   6.0      any
redhat      enterprise_linux_workstation   7.0      any
apple       iphone_os                      *        <11
apple       mac_os_x                       *        ≥10.0.0 – <10.13.0
apple       tvos                           *        <11.0
apple       watchos                        *        <4
netapp      active_iq_unified_manager      *        ≥7.3
netapp      active_iq_unified_manager      *        ≥9.5
netapp      oncommand_insight              *        any
netapp      oncommand_workflow_automation  *        any
netapp      snapcenter                     *        any
mariadb     mariadb                        *        ≥5.5.0 – <5.5.62
mariadb     mariadb                        *        ≥10.0.0 – <10.0.37
mariadb     mariadb                        *        ≥10.1.0 – <10.1.37
mariadb     mariadb                        *        ≥10.2.0 – <10.2.19
mariadb     mariadb                        *        ≥10.3.0 – <10.3.11
nodejs      node.js                        *        ≥4.0.0 – ≤4.1.2
nodejs      node.js                        *        ≥4.2.0 – <4.8.2
nodejs      node.js                        *        ≥6.0.0 – ≤6.8.1
nodejs      node.js                        *        ≥6.9.0 – <6.10.2
nodejs      node.js                        *        ≥7.0.0 – <7.6.0

References 33

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.