Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

Published

2017-05-23T04:29:01.837

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	zlib	zlib	< 1.2.9	Yes
Operating System	opensuse	leap	42.1	Yes
Operating System	opensuse	leap	42.2	Yes
Operating System	opensuse	opensuse	13.2	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes
Operating System	canonical	ubuntu_linux	18.04	Yes
Application	oracle	database_server	18c	Yes
Application	oracle	jdk	1.6.0	Yes
Application	oracle	jdk	1.7.0	Yes
Application	oracle	jdk	1.8.0	Yes
Application	oracle	jre	1.6.0	Yes
Application	oracle	jre	1.7.0	Yes
Application	oracle	jre	1.8.0	Yes
Application	oracle	mysql	≤ 5.5.61	Yes
Application	oracle	mysql	≤ 5.6.41	Yes
Application	oracle	mysql	≤ 5.7.23	Yes
Application	oracle	mysql	≤ 8.0.12	Yes
Application	redhat	satellite	5.8	Yes
Operating System	redhat	enterprise_linux_desktop	6.0	Yes
Operating System	redhat	enterprise_linux_desktop	7.0	Yes
Operating System	redhat	enterprise_linux_eus	7.4	Yes
Operating System	redhat	enterprise_linux_eus	7.5	Yes
Operating System	redhat	enterprise_linux_server	6.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_workstation	6.0	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes
Operating System	apple	iphone_os	< 11	Yes
Operating System	apple	mac_os_x	< 10.13.0	Yes
Operating System	apple	tvos	< 11.0	Yes
Operating System	apple	watchos	< 4	Yes
Application	nodejs	node.js	≤ 4.1.2	Yes
Application	nodejs	node.js	< 4.8.2	Yes
Application	nodejs	node.js	≤ 6.8.1	Yes
Application	nodejs	node.js	< 6.10.2	Yes
Application	nodejs	node.js	< 7.6.0	Yes

References

http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html Broken Link ([email protected])
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html Broken Link ([email protected])
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html Broken Link ([email protected])
http://www.openwall.com/lists/oss-security/2016/12/05/21 Mailing List, Patch ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Third Party Advisory ([email protected])
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/95131 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1039427 Broken Link, Third Party Advisory, VDB Entry ([email protected])
https://access.redhat.com/errata/RHSA-2017:1220 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:1221 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:1222 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:2999 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:3046 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:3047 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2017:3453 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1402348 Issue Tracking, Patch ([email protected])
https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958 Patch ([email protected])
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html Mailing List, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html Mailing List, Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/201701-56 Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/202007-54 Third Party Advisory ([email protected])
https://support.apple.com/HT208112 Third Party Advisory ([email protected])
https://support.apple.com/HT208113 Third Party Advisory ([email protected])
https://support.apple.com/HT208115 Third Party Advisory ([email protected])
https://support.apple.com/HT208144 Third Party Advisory ([email protected])
https://usn.ubuntu.com/4246-1/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/4292-1/ Third Party Advisory ([email protected])
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib Third Party Advisory ([email protected])
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf Third Party Advisory ([email protected])
https://www.oracle.com/security-alerts/cpujul2020.html Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/12/05/21 Mailing List, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/95131 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039427 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1220 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1221 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:1222 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:2999 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:3046 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:3047 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2017:3453 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1402348 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201701-56 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202007-54 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT208112 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT208113 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT208115 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/HT208144 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4246-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4292-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujul2020.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)