CVE-2016-9843

HIGH

Description

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

References

http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html

http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html

http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html

http://www.openwall.com/lists/oss-security/2016/12/05/21

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

http://www.securityfocus.com/bid/95131

http://www.securitytracker.com/id/1039427

http://www.securitytracker.com/id/1041888

https://access.redhat.com/errata/RHSA-2017:1220

https://access.redhat.com/errata/RHSA-2017:1221

https://access.redhat.com/errata/RHSA-2017:1222

https://access.redhat.com/errata/RHSA-2017:2999

https://access.redhat.com/errata/RHSA-2017:3046

https://access.redhat.com/errata/RHSA-2017:3047

https://access.redhat.com/errata/RHSA-2017:3453

https://bugzilla.redhat.com/show_bug.cgi?id=1402351

https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811

https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html

https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html

https://security.gentoo.org/glsa/201701-56

https://security.gentoo.org/glsa/202007-54

https://security.netapp.com/advisory/ntap-20181018-0002/

https://support.apple.com/HT208112

https://support.apple.com/HT208113

https://support.apple.com/HT208115

https://support.apple.com/HT208144

https://usn.ubuntu.com/4246-1/

https://usn.ubuntu.com/4292-1/

https://wiki.mozilla.org/images/0/09/Zlib-report.pdf

https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib

https://www.oracle.com/security-alerts/cpujul2020.html

Details

Source: MITRE

Published: 2017-05-23

Updated: 2020-07-28

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

View all (66 total)

ID	Name	Product	Family	Severity
139639	FreeBSD : net/rsync -- multiple zlib issues (085399ab-dfd7-11ea-96e4-80ee73bc7b66)	Nessus	FreeBSD Local Security Checks	high
139117	GLSA-202007-54 : rsync: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
138528	Oracle Database Server Multiple Vulnerabilities (Jul 2020 CPU)	Nessus	Databases	high
134039	Ubuntu 16.04 LTS / 18.04 LTS : rsync vulnerabilities (USN-4292-1)	Nessus	Ubuntu Local Security Checks	high
133323	Debian DLA-2085-1 : zlib security update	Nessus	Debian Local Security Checks	high
133204	Ubuntu 16.04 LTS : zlib vulnerabilities (USN-4246-1)	Nessus	Ubuntu Local Security Checks	high
132371	EulerOS 2.0 SP5 : zlib (EulerOS-SA-2019-2704)	Nessus	Huawei Local Security Checks	high
127764	SUSE SLES12 Security Update : mariadb (SUSE-SU-2019:2048-1)	Nessus	SuSE Local Security Checks	high
700617	MySQL 5.5.x < 5.5.62 Multiple Vulnerabilities (October 2018 CPU)	Nessus Network Monitor	Database	high
124128	Amazon Linux 2 : mariadb (ALAS-2019-1193)	Nessus	Amazon Linux Local Security Checks	high
700542	Apple iOS < 11.0.1 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
700511	macOS < 10.13 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	critical
123744	EulerOS Virtualization 2.5.3 : zlib (EulerOS-SA-2019-1276)	Nessus	Huawei Local Security Checks	high
123019	Debian DLA-1725-1 : rsync security update	Nessus	Debian Local Security Checks	high
122849	openSUSE Security Update : mariadb (openSUSE-2019-327)	Nessus	SuSE Local Security Checks	high
122664	SUSE SLED15 / SLES15 Security Update : mariadb (SUSE-SU-2019:0555-1)	Nessus	SuSE Local Security Checks	high
122258	MariaDB 5.5.x < 5.5.62 Multiple Vulnerabilities	Nessus	Databases	high
121704	Photon OS 1.0: Zlib PHSA-2017-0021	Nessus	PhotonOS Local Security Checks	high
121394	MariaDB 10.2.0 < 10.2.19 Multiple Vulnerabilities	Nessus	Databases	high
121294	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2019:0119-1)	Nessus	SuSE Local Security Checks	high
121191	MariaDB 10.0.0 < 10.0.37 Multiple Vulnerabilities	Nessus	Databases	high
120436	Fedora 28 : 3:mariadb (2018-55b875c1ac)	Nessus	Fedora Local Security Checks	high
120294	Fedora 29 : 3:mariadb (2018-242f6c1a41)	Nessus	Fedora Local Security Checks	high
119998	SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2017:1389-1)	Nessus	SuSE Local Security Checks	high
119869	SUSE SLED12 / SLES12 Security Update : mariadb (SUSE-SU-2018:4211-1)	Nessus	SuSE Local Security Checks	high
119475	Amazon Linux AMI : mysql55 (ALAS-2018-1116)	Nessus	Amazon Linux Local Security Checks	high
119474	Amazon Linux AMI : mysql56 (ALAS-2018-1115)	Nessus	Amazon Linux Local Security Checks	high
119473	Amazon Linux AMI : mysql57 (ALAS-2018-1114)	Nessus	Amazon Linux Local Security Checks	high
119452	SUSE SLES12 Security Update : mariadb (SUSE-SU-2018:3972-1)	Nessus	SuSE Local Security Checks	high
119154	Fedora 27 : 3:mariadb (2018-192148f4ff)	Nessus	Fedora Local Security Checks	high
118746	Slackware 14.1 / 14.2 / current : mariadb (SSA:2018-309-01)	Nessus	Slackware Local Security Checks	high
118499	SUSE SLES11 Security Update : mysql (SUSE-SU-2018:3542-1)	Nessus	SuSE Local Security Checks	high
118452	openSUSE Security Update : mysql-community-server (openSUSE-2018-1284)	Nessus	SuSE Local Security Checks	high
118248	FreeBSD : MySQL -- multiple vulnerabilities (ec5072b0-d43a-11e8-a6d2-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	high
118236	MySQL 8.0.x < 8.0.13 Multiple Vulnerabilities (Oct 2018 CPU) (Jul 2019 CPU)	Nessus	Databases	high
118235	MySQL 5.7.x < 5.7.24 Multiple Vulnerabilities (Oct 2018 CPU) (Jul 2019 CPU)	Nessus	Databases	high
118234	MySQL 5.6.x < 5.6.42 Multiple Vulnerabilities (October 2018 CPU)	Nessus	Databases	high
118233	MySQL 5.5.x < 5.5.62 Multiple Vulnerabilities (October 2018 CPU)	Nessus	Databases	high
111870	Photon OS 1.0: Bindutils / Krb5 / Ruby / Sudo / Zlib PHSA-2017-0021 (deprecated)	Nessus	PhotonOS Local Security Checks	high
105714	openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2018-14)	Nessus	SuSE Local Security Checks	high
105538	SUSE SLED12 / SLES12 Security Update : java-1_7_0-openjdk (SUSE-SU-2018:0005-1)	Nessus	SuSE Local Security Checks	high
105267	RHEL 6 : Satellite Server (RHSA-2017:3453)	Nessus	Red Hat Local Security Checks	high
104531	SUSE SLED12 / SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2017:2989-1)	Nessus	SuSE Local Security Checks	high
104527	openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-1269)	Nessus	SuSE Local Security Checks	high
104140	RHEL 6 / 7 : java-1.6.0-sun (RHSA-2017:3047)	Nessus	Red Hat Local Security Checks	high
104139	RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2017:3046)	Nessus	Red Hat Local Security Checks	high
104116	RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2017:2999)	Nessus	Red Hat Local Security Checks	high
103598	macOS < 10.13 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
103420	Apple iOS < 11 Multiple Vulnerabilities	Nessus	Mobile Devices	critical
103189	AIX Java Advisory : java_apr2017_advisory.asc (April 2017 CPU)	Nessus	AIX Local Security Checks	high
102019	IBM BigFix Platform 9.1.x < 9.1.1328.0 / 9.2.x < 9.2.11.19 Multiple Vulnerabilities	Nessus	Web Servers	high
100540	SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2017:1444-1)	Nessus	SuSE Local Security Checks	high
100378	SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2017:1387-1)	Nessus	SuSE Local Security Checks	high
100377	SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2017:1386-1)	Nessus	SuSE Local Security Checks	high
100376	SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2017:1385-1)	Nessus	SuSE Local Security Checks	high
100375	SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2017:1384-1)	Nessus	SuSE Local Security Checks	high
100119	RHEL 6 : java-1.6.0-ibm (RHSA-2017:1222)	Nessus	Red Hat Local Security Checks	high
100118	RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2017:1221)	Nessus	Red Hat Local Security Checks	high
100117	RHEL 6 / 7 : java-1.8.0-ibm (RHSA-2017:1220)	Nessus	Red Hat Local Security Checks	high
96691	GLSA-201701-56 : zlib: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
96377	openSUSE Security Update : zlib (openSUSE-2017-47)	Nessus	SuSE Local Security Checks	high
96376	openSUSE Security Update : zlib (openSUSE-2017-46)	Nessus	SuSE Local Security Checks	high
96266	SUSE SLED12 / SLES12 Security Update : zlib (SUSE-SU-2017:0004-1)	Nessus	SuSE Local Security Checks	high
96265	SUSE SLED12 / SLES12 Security Update : zlib (SUSE-SU-2017:0003-1)	Nessus	SuSE Local Security Checks	high
96077	SUSE SLES11 Security Update : zlib (SUSE-SU-2016:3209-1)	Nessus	SuSE Local Security Checks	high
95975	openSUSE Security Update : zlib (openSUSE-2016-1499)	Nessus	SuSE Local Security Checks	high