CVE-2016-9841

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib	Third Party Advisory
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf	Exploit Technical Description Third Party Advisory
https://security.gentoo.org/glsa/201701-56	Third Party Advisory
https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb	Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1402346	Issue Tracking
http://www.securityfocus.com/bid/95131	Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2016/12/05/21	Mailing List Patch Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html	Mailing List Third Party Advisory
http://www.securitytracker.com/id/1039427	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039596	Broken Link Third Party Advisory VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Patch Third Party Advisory
https://support.apple.com/HT208144	Third Party Advisory
https://support.apple.com/HT208115	Third Party Advisory
https://support.apple.com/HT208113	Third Party Advisory
https://support.apple.com/HT208112	Third Party Advisory
https://security.netapp.com/advisory/ntap-20171019-0001/	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3047	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2999	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1222	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1221	Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1220	Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html	Mailing List Third Party Advisory
https://usn.ubuntu.com/4246-1/	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html	Mailing List Third Party Advisory
https://usn.ubuntu.com/4292-1/	Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html	Third Party Advisory
https://security.gentoo.org/glsa/202007-54	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:leap:42.2:::::::*
	cpe:2.3:o:opensuse:leap:42.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:mysql::::::::
	cpe:2.3:a:oracle:mysql::::::::
	cpe:2.3:a:oracle:mysql::::::::
	cpe:2.3:a:oracle:mysql::::::::
	cpe:2.3:a:oracle:database_server:18c:::::::*
	cpe:2.3:a:oracle:jdk:1.8.0:update144::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update151::::::
	cpe:2.3:a:oracle:jdk:1.6.0:update161::::::
	cpe:2.3:a:oracle:jre:1.6.0:update161::::::
	cpe:2.3:a:oracle:jre:1.7.0:update151::::::
	cpe:2.3:a:oracle:jre:1.8.0:update144::::::

Configuration 6 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:a:redhat:satellite:5.8:::::::*

Configuration 7 (hide)

OR	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:watchos::::::::
	cpe:2.3:o:apple:mac_os_x::::::::

Configuration 8 (hide)

OR	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:oncommand_balance:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*
	cpe:2.3:a:netapp:snapmanager:-:::::oracle::
	cpe:2.3:a:netapp:snapmanager:-:::::sap::
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:e-series_santricity_management:-:::::vmware_sra::
	cpe:2.3:a:netapp:e-series_santricity_management:-:::::vmware_vasa::
	cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:::::::*
	cpe:2.3:a:netapp:oncommand_shift:-:::::::*
	cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:virtual_storage_console:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:oncommand_unified_manager::::::windows::*
	cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap::::::::
	cpe:2.3:a:netapp:oncommand_unified_manager:-:::::7-mode::
	cpe:2.3:a:netapp:oncommand_unified_manager::::::vsphere::*
	cpe:2.3:a:netapp:oncommand_performance_manager:-:::::vmware_vsphere::
	cpe:2.3:h:netapp:hci_storage_node:-:::::::*
	cpe:2.3:a:netapp:symantec_netbackup:-:::::::*
	cpe:2.3:a:netapp:solidfire:-:::::::*
	cpe:2.3:a:netapp:e-series_santricity_management:-:::::vmware_vcenter::
	cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
	cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::*
	cpe:2.3:a:netapp:e-series_santricity_web_services:-:::::web_services_proxy::
	cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::*

History

22 Jun 2022, 17:16

Information

Published : 2017-05-23 04:29

Updated : 2022-06-22 17:16

NVD link : CVE-2016-9841

Mitre link : CVE-2016-9841

JSON object : View

Products Affected

redhat

enterprise_linux_eus
enterprise_linux_workstation
satellite
enterprise_linux_server
enterprise_linux_desktop

netapp

cloud_backup
oncommand_unified_manager
storage_replication_adapter_for_clustered_data_ontap
e-series_santricity_web_services
vasa_provider_for_clustered_data_ontap
oncommand_workflow_automation
hci_storage_node
active_iq_unified_manager
symantec_netbackup
virtual_storage_console
oncommand_performance_manager
e-series_santricity_os_controller
solidfire
oncommand_shift
e-series_santricity_storage_manager
steelstore_cloud_integrated_storage
e-series_santricity_management
oncommand_balance
snapmanager
oncommand_insight

apple

watchos
iphone_os
tvos
mac_os_x

debian

debian_linux

oracle

jre
mysql
jdk
database_server

opensuse

opensuse
leap

canonical

ubuntu_linux

zlib

zlib

CWE

NVD-CWE-noinfo

Type	Values Removed	Values Added
First Time		Oracle database Server Apple tvos Netapp storage Replication Adapter For Clustered Data Ontap Oracle jdk Redhat enterprise Linux Server Netapp virtual Storage Console Canonical Netapp Netapp oncommand Unified Manager Debian debian Linux Apple watchos Netapp e-series Santricity Web Services Netapp snapmanager Netapp oncommand Performance Manager Netapp hci Storage Node Redhat enterprise Linux Eus Oracle mysql Redhat Apple Redhat satellite Netapp solidfire Apple mac Os X Netapp oncommand Insight Netapp e-series Santricity Storage Manager Redhat enterprise Linux Workstation Oracle jre Netapp e-series Santricity Os Controller Netapp oncommand Shift Netapp steelstore Cloud Integrated Storage Zlib zlib Netapp oncommand Balance Redhat enterprise Linux Desktop Apple iphone Os Netapp cloud Backup Netapp symantec Netbackup Debian Netapp vasa Provider For Clustered Data Ontap Canonical ubuntu Linux Netapp e-series Santricity Management Netapp oncommand Workflow Automation Zlib Oracle Netapp active Iq Unified Manager
CPE	cpe:2.3:a:gnu:zlib:1.2.8:::::::*	cpe:2.3:a:oracle:jre:1.6.0:update161:::::: cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts::: cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:a:netapp:oncommand_insight:-:::::::* cpe:2.3:a:netapp:e-series_santricity_web_services:-:::::web_services_proxy:: cpe:2.3:a:oracle:jdk:1.7.0:update151:::::: cpe:2.3:a:netapp:oncommand_performance_manager:-:::::vmware_vsphere:: cpe:2.3:a:oracle:database_server:18c:::::::* cpe:2.3:a:netapp:oncommand_balance:-:::::::* cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::* cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:a:netapp:symantec_netbackup:-:::::::* cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::* cpe:2.3:a:zlib:zlib:::::::: cpe:2.3:a:netapp:solidfire:-:::::::* cpe:2.3:a:oracle:mysql:::::::: cpe:2.3:a:oracle:jdk:1.6.0:update161:::::: cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:a:netapp:snapmanager:-:::::sap:: cpe:2.3:a:netapp:snapmanager:-:::::oracle:: cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::* cpe:2.3:a:oracle:jre:1.8.0:update144:::::: cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::* cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:a:netapp:e-series_santricity_management:-:::::vmware_vasa:: cpe:2.3:a:netapp:e-series_santricity_management:-:::::vmware_sra:: cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:a:netapp:e-series_santricity_management:-:::::vmware_vcenter:: cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::* cpe:2.3:a:netapp:oncommand_unified_manager::::::windows::* cpe:2.3:a:oracle:jre:1.7.0:update151:::::: cpe:2.3:h:netapp:hci_storage_node:-:::::::* cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::* cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:-:::::vmware_vsphere:: cpe:2.3:o:apple:watchos:::::::: cpe:2.3:a:netapp:cloud_backup:-:::::::* cpe:2.3:a:netapp:virtual_storage_console:-:::::vmware_vsphere:: cpe:2.3:a:oracle:jdk:1.8.0:update144:::::: cpe:2.3:a:redhat:satellite:5.8:::::::* cpe:2.3:a:netapp:oncommand_unified_manager:-:::::7-mode:: cpe:2.3:a:netapp:oncommand_unified_manager::::::vsphere::* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::* cpe:2.3:a:netapp:e-series_santricity_os_controller:::::::: cpe:2.3:a:netapp:oncommand_shift:-:::::::* cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
CWE	~~CWE-189~~	NVD-CWE-noinfo
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html - Mailing List, Third Party Advisory
References	~~(SECTRACK) http://www.securitytracker.com/id/1039596 -~~	(SECTRACK) http://www.securitytracker.com/id/1039596 - Broken Link, Third Party Advisory, VDB Entry
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:1221 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:1221 - Third Party Advisory
References	~~(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html -~~	(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - Patch, Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:1222 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:1222 - Third Party Advisory
References	~~(CONFIRM) https://support.apple.com/HT208113 -~~	(CONFIRM) https://support.apple.com/HT208113 - Third Party Advisory
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2016/12/05/21 - Patch, Third Party Advisory, VDB Entry~~	(MLIST) http://www.openwall.com/lists/oss-security/2016/12/05/21 - Mailing List, Patch, Third Party Advisory, VDB Entry
References	~~(SECTRACK) http://www.securitytracker.com/id/1039427 -~~	(SECTRACK) http://www.securitytracker.com/id/1039427 - Broken Link, Third Party Advisory, VDB Entry
References	~~(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html -~~	(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch, Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html - Mailing List, Third Party Advisory
References	~~(CONFIRM) https://support.apple.com/HT208115 -~~	(CONFIRM) https://support.apple.com/HT208115 - Third Party Advisory
References	~~(CONFIRM) https://support.apple.com/HT208112 -~~	(CONFIRM) https://support.apple.com/HT208112 - Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html - Third Party Advisory~~	(SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html - Mailing List, Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html - Third Party Advisory~~	(SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html - Mailing List, Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4292-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4292-1/ - Third Party Advisory
References	~~(CONFIRM) https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb - Patch, Vendor Advisory~~	(CONFIRM) https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb - Patch, Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:3047 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:3047 - Third Party Advisory
References	~~(CONFIRM) https://support.apple.com/HT208144 -~~	(CONFIRM) https://support.apple.com/HT208144 - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:1220 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:1220 - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 - Third Party Advisory
References	~~(GENTOO) https://security.gentoo.org/glsa/202007-54 -~~	(GENTOO) https://security.gentoo.org/glsa/202007-54 - Third Party Advisory
References	~~(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html -~~	(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpujul2020.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20171019-0001/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20171019-0001/ - Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4246-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4246-1/ - Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html - Third Party Advisory~~	(SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html - Mailing List, Third Party Advisory

9.8 /10