CVE-2016-9842

Severity: high

Description

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. In zlib 1.2.8, inflateMark() builds its return value as ((long)(state->back) << 16) plus a mode-dependent offset, and its error return is written -1L << 16; state->back is -1 when no length/literal is pending, so both expressions left-shift a negative signed value, which is undefined behaviour in C (C99 6.5.7p4). On common two's-complement toolchains the expressions happen to yield the intended value, but the compiler is not obliged to preserve that, and UBSan flags both shifts. The upstream fix (commit e54e1299, released in zlib 1.2.9) performs the shift on an unsigned long and converts the result back to long, and writes the sentinel as -(1L << 16) so that no negative value is ever shifted.
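As an added example (not zlib's code and not from this advisory), the two computations below reproduce the shape of inflateMark() before and after the fix on a stub state struct, and add a small guard that reports whether a given long-shift would be undefined. The struct, the helper names, and the sample states are constructed for the example; only the shift expressions follow the pre- and post-fix zlib source.

```c
#include <limits.h>
#include <stdio.h>

/*
 * Stand-in for the fields of zlib's inflate_state that inflateMark() reads.
 * This struct is constructed for the example and is not zlib's definition.
 */
enum stub_mode { MODE_OTHER = 0, MODE_COPY, MODE_MATCH };

struct stub_state {
    int back;             /* bits back of last unprocessed length/lit; -1 = none pending */
    enum stub_mode mode;
    unsigned length;      /* bytes still to copy (COPY) or match length left (MATCH) */
    unsigned was;         /* initial match length (MATCH) */
};

/* Mode-dependent low part of the mark, identical in both variants. */
static long mark_low_bits(const struct stub_state *s)
{
    if (s->mode == MODE_COPY)
        return (long)s->length;
    if (s->mode == MODE_MATCH)
        return (long)s->was - (long)s->length;
    return 0;
}

/*
 * Pre-fix shape (zlib 1.2.8): the shift is applied to a signed long. With
 * back == -1 this evaluates (long)-1 << 16, and the error path evaluates
 * -1L << 16; both are left shifts of a negative value, undefined behaviour.
 */
long mark_unsafe(const struct stub_state *s)
{
    if (s == NULL)
        return -1L << 16;
    return ((long)s->back << 16) + mark_low_bits(s);
}

/*
 * Post-fix shape (zlib 1.2.9): the shift happens on an unsigned long, where
 * it is defined (high bits are discarded), and the result is converted back.
 * The sentinel negates after shifting, so no negative operand is shifted.
 */
long mark_safe(const struct stub_state *s)
{
    if (s == NULL)
        return -(1L << 16);
    return (long)(((unsigned long)((long)s->back)) << 16) + mark_low_bits(s);
}

/* Convenience constructors so the two variants can be compared on one input. */
long mark_unsafe_for(int back, enum stub_mode mode, unsigned length, unsigned was)
{
    struct stub_state s = { back, mode, length, was };
    return mark_unsafe(&s);
}

long mark_safe_for(int back, enum stub_mode mode, unsigned length, unsigned was)
{
    struct stub_state s = { back, mode, length, was };
    return mark_safe(&s);
}

/*
 * Review/runtime guard: returns 1 when (v << bits) would be undefined for a
 * long: negative operand, shift count out of range, or a set bit that would
 * land on or beyond the sign bit.
 */
int shl_long_is_undefined(long v, unsigned bits)
{
    if (bits >= (unsigned)(sizeof(long) * CHAR_BIT))
        return 1;
    if (v < 0)
        return 1;
    return v > (LONG_MAX >> bits);
}

int main(void)
{
    /* Constructed sample: decoder idle, nothing pending (back == -1). */
    printf("back=-1 << 16 undefined? %d\n", shl_long_is_undefined(-1L, 16));
    printf("mark_safe   (idle)      = %ld\n", mark_safe_for(-1, MODE_OTHER, 0, 0));
    /* Built with -fsanitize=undefined, the next line reports
       "left shift of negative value -1". */
    printf("mark_unsafe (idle)      = %ld\n", mark_unsafe_for(-1, MODE_OTHER, 0, 0));
    printf("mark_safe   (copy)      = %ld\n", mark_safe_for(5, MODE_COPY, 10, 0));
    return 0;
}
```

Compile once plainly and once with `-fsanitize=undefined`: the plain build prints the same numbers for both variants on a two's-complement target, which is exactly why the defect went unnoticed; the sanitized build reports the shift in mark_unsafe() and stays silent for mark_safe().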

References

http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html

http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html

http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html

http://www.openwall.com/lists/oss-security/2016/12/05/21

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/95131

http://www.securitytracker.com/id/1039427

https://access.redhat.com/errata/RHSA-2017:1220

https://access.redhat.com/errata/RHSA-2017:1221

https://access.redhat.com/errata/RHSA-2017:1222

https://access.redhat.com/errata/RHSA-2017:2999

https://access.redhat.com/errata/RHSA-2017:3046

https://access.redhat.com/errata/RHSA-2017:3047

https://access.redhat.com/errata/RHSA-2017:3453

https://bugzilla.redhat.com/show_bug.cgi?id=1402348

https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958

https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html

https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html

https://security.gentoo.org/glsa/201701-56

https://security.gentoo.org/glsa/202007-54

https://support.apple.com/HT208112

https://support.apple.com/HT208113

https://support.apple.com/HT208115

https://support.apple.com/HT208144

https://usn.ubuntu.com/4246-1/

https://usn.ubuntu.com/4292-1/

https://wiki.mozilla.org/images/0/09/Zlib-report.pdf

https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib

https://www.oracle.com/security-alerts/cpujul2020.html

Details

Source: MITRE

Published: 2017-05-23

Updated: 2020-07-28

Type: CWE-189 (Numeric Errors)

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

38 plugins reference this CVE:

ID | Name | Product | Family | Severity
139639 | FreeBSD : net/rsync -- multiple zlib issues (085399ab-dfd7-11ea-96e4-80ee73bc7b66) | Nessus | FreeBSD Local Security Checks | critical
139117 | GLSA-202007-54 : rsync: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
134039 | Ubuntu 16.04 LTS / 18.04 LTS : rsync vulnerabilities (USN-4292-1) | Nessus | Ubuntu Local Security Checks | critical
133323 | Debian DLA-2085-1 : zlib security update | Nessus | Debian Local Security Checks | critical
133204 | Ubuntu 16.04 LTS : zlib vulnerabilities (USN-4246-1) | Nessus | Ubuntu Local Security Checks | critical
132371 | EulerOS 2.0 SP5 : zlib (EulerOS-SA-2019-2704) | Nessus | Huawei Local Security Checks | critical
700542 | Apple iOS < 11.0.1 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | critical
700511 | macOS < 10.13 Multiple Vulnerabilities | Nessus Network Monitor | Operating System Detection | critical
123744 | EulerOS Virtualization 2.5.3 : zlib (EulerOS-SA-2019-1276) | Nessus | Huawei Local Security Checks | critical
123019 | Debian DLA-1725-1 : rsync security update | Nessus | Debian Local Security Checks | critical
119998 | SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2017:1389-1) | Nessus | SuSE Local Security Checks | critical
105714 | openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14) | Nessus | SuSE Local Security Checks | critical
105538 | SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:0005-1) | Nessus | SuSE Local Security Checks | critical
105267 | RHEL 6 : Satellite Server (RHSA-2017:3453) | Nessus | Red Hat Local Security Checks | critical
104531 | SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:2989-1) | Nessus | SuSE Local Security Checks | critical
104527 | openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-1269) | Nessus | SuSE Local Security Checks | critical
104140 | RHEL 6 / 7 : java-1.6.0-sun (RHSA-2017:3047) | Nessus | Red Hat Local Security Checks | critical
104139 | RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2017:3046) | Nessus | Red Hat Local Security Checks | critical
104116 | RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2017:2999) | Nessus | Red Hat Local Security Checks | critical
103598 | macOS < 10.13 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical
103420 | Apple iOS < 11 Multiple Vulnerabilities | Nessus | Mobile Devices | critical
103189 | AIX Java Advisory : java_apr2017_advisory.asc (April 2017 CPU) | Nessus | AIX Local Security Checks | high
102019 | IBM BigFix Platform 9.1.x < 9.1.1328.0 / 9.2.x < 9.2.11.19 Multiple Vulnerabilities | Nessus | Web Servers | critical
100540 | SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2017:1444-1) | Nessus | SuSE Local Security Checks | critical
100378 | SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:1387-1) | Nessus | SuSE Local Security Checks | critical
100377 | SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:1386-1) | Nessus | SuSE Local Security Checks | critical
100376 | SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2017:1385-1) | Nessus | SuSE Local Security Checks | critical
100375 | SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2017:1384-1) | Nessus | SuSE Local Security Checks | critical
100119 | RHEL 6 : java-1.6.0-ibm (RHSA-2017:1222) | Nessus | Red Hat Local Security Checks | critical
100118 | RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2017:1221) | Nessus | Red Hat Local Security Checks | critical
100117 | RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2017:1220) | Nessus | Red Hat Local Security Checks | critical
96691 | GLSA-201701-56 : zlib: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical
96377 | openSUSE Security Update : zlib (openSUSE-2017-47) | Nessus | SuSE Local Security Checks | critical
96376 | openSUSE Security Update : zlib (openSUSE-2017-46) | Nessus | SuSE Local Security Checks | critical
96266 | SUSE SLED12 / SLES12 Security Update : zlib (SUSE-SU-2017:0004-1) | Nessus | SuSE Local Security Checks | critical
96265 | SUSE SLED12 / SLES12 Security Update : zlib (SUSE-SU-2017:0003-1) | Nessus | SuSE Local Security Checks | critical
96077 | SUSE SLES11 Security Update : zlib (SUSE-SU-2016:3209-1) | Nessus | SuSE Local Security Checks | critical
95975 | openSUSE Security Update : zlib (openSUSE-2016-1499) | Nessus | SuSE Local Security Checks | critical