CVE-2016-9841

Home/CVE/inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointe

CVE

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointe

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

CRITICAL · CVSS 9.8 EPSS 0.13495

Schedule remediation

EPSS ≥ 0.10 - elevated exploitation probability
EPSS percentile: top 6% of all CVEs by exploitation likelihood
CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

▤

Affected Products & Versions

zlib>= 1.2.0 and < 1.2.9
opensuse leapall versions
opensuseall versions
debian linuxall versions
canonical ubuntu linuxall versions
oracle database serverall versions
oracle jdkall versions
oracle jreall versions
Show all 46 affected productsoracle mysql>= 5.5.0 and <= 5.5.61
oracle mysql>= 5.6.0 and <= 5.6.41
oracle mysql>= 5.7.0 and <= 5.7.23
oracle mysql>= 8.0.0 and <= 8.0.12
redhat satelliteall versions
redhat enterprise linux desktopall versions
redhat enterprise linux eusall versions
redhat enterprise linux serverall versions
redhat enterprise linux workstationall versions
apple iphone os< 11
apple mac os x>= 10.0.0 and < 10.13.0
apple tvos< 11.0
apple watchos< 4
netapp active iq unified manager>= 7.3
netapp active iq unified manager>= 9.5
netapp cloud backupall versions
netapp e-series santricity managementall versions
netapp e-series santricity os controller>= 11.0.0 and <= 11.70.1
netapp e-series santricity storage managerall versions
netapp e-series santricity web servicesall versions
netapp oncommand balanceall versions
netapp oncommand insightall versions
netapp oncommand performance managerall versions
netapp oncommand shiftall versions
netapp oncommand unified manager<= 7.1
netapp oncommand unified managerall versions
netapp oncommand workflow automationall versions
netapp snapmanagerall versions
netapp solidfireall versions
netapp steelstore cloud integrated storageall versions
netapp storage replication adapter for clustered data ontapall versions
netapp symantec netbackupall versions
netapp vasa provider for clustered data ontap>= 7.2
netapp virtual storage consoleall versions
netapp hci storage nodeall versions
nodejs node.js>= 4.0.0 and <= 4.1.2
nodejs node.js>= 4.2.0 and < 4.8.2
nodejs node.js>= 6.0.0 and <= 6.8.1

▣

Scoring & Timeline

9.8

CRITICAL · CVSS v3.1 · security@opentext.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD23 May 2017 · 04:29 AM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

⚑

Vendor Advisories

msrcCVE-2016-9841
usnUSN-6736-2
usnUSN-6736-1
usnUSN-4292-1
usnUSN-4246-1
Show all 30 vendor advisoriessuse-csafSUSE-SU-2018:1815-1
suse-csafSUSE-SU-2018:0061-1
suse-csafSUSE-SU-2018:0005-1
suse-csafSUSE-SU-2017:3455-1
suse-csafSUSE-SU-2017:3440-1
suse-csafSUSE-SU-2017:3411-1
suse-csafSUSE-SU-2017:3369-1
rhsaRHSA-2017:3453Important
suse-csafSUSE-SU-2017:3235-1
suse-csafSUSE-SU-2017:2989-1
rhsaRHSA-2017:3046Important
rhsaRHSA-2017:3047Important
rhsaRHSA-2017:2999Critical
suse-csafSUSE-SU-2017:2699-1
suse-csafSUSE-SU-2017:2700-1
suse-csafSUSE-SU-2017:1444-1
suse-csafSUSE-SU-2017:1384-1
suse-csafSUSE-SU-2017:1385-1
suse-csafSUSE-SU-2017:1386-1
suse-csafSUSE-SU-2017:1387-1
suse-csafSUSE-SU-2017:1389-1
rhsaRHSA-2017:1220Moderate
rhsaRHSA-2017:1222Moderate
rhsaRHSA-2017:1221Moderate
suse-csafSUSE-SU-2017:0003-1