CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
References
Link Resource
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib Third Party Advisory
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf Exploit Technical Description Third Party Advisory
https://security.gentoo.org/glsa/201701-56 Third Party Advisory
https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958 Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1402348 Issue Tracking Patch Third Party Advisory
http://www.securityfocus.com/bid/95131 Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2016/12/05/21 Mailing List Patch Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html Mailing List Third Party Advisory
http://www.securitytracker.com/id/1039427 Broken Link Third Party Advisory VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch Third Party Advisory
https://support.apple.com/HT208144 Third Party Advisory
https://support.apple.com/HT208115 Third Party Advisory
https://support.apple.com/HT208113 Third Party Advisory
https://support.apple.com/HT208112 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3047 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2999 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1222 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1221 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1220 Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html Mailing List Third Party Advisory
https://usn.ubuntu.com/4246-1/ Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html Mailing List Third Party Advisory
https://usn.ubuntu.com/4292-1/ Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html Third Party Advisory
https://security.gentoo.org/glsa/202007-54 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:zlib:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

History

22 Jun 2022, 17:17

Type Values Removed Values Added
First Time Redhat enterprise Linux Workstation
Oracle jre
Oracle database Server
Apple tvos
Oracle jdk
Redhat enterprise Linux Server
Canonical
Debian debian Linux
Apple watchos
Redhat enterprise Linux Desktop
Redhat enterprise Linux Eus
Oracle mysql
Apple iphone Os
Redhat
Debian
Apple
Redhat satellite
Canonical ubuntu Linux
Apple mac Os X
Oracle
CWE CWE-189 NVD-CWE-noinfo
CPE cpe:2.3:a:gnu:zlib:1.2.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:zlib:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
References (MLIST) https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html - (MLIST) https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html - Mailing List, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1221 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:1221 - Third Party Advisory
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - Patch, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1222 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:1222 - Third Party Advisory
References (CONFIRM) https://support.apple.com/HT208113 - (CONFIRM) https://support.apple.com/HT208113 - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2016/12/05/21 - Patch, Third Party Advisory, VDB Entry (MLIST) http://www.openwall.com/lists/oss-security/2016/12/05/21 - Mailing List, Patch, Third Party Advisory, VDB Entry
References (SECTRACK) http://www.securitytracker.com/id/1039427 - (SECTRACK) http://www.securitytracker.com/id/1039427 - Broken Link, Third Party Advisory, VDB Entry
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html - Mailing List, Third Party Advisory
References (CONFIRM) https://support.apple.com/HT208115 - (CONFIRM) https://support.apple.com/HT208115 - Third Party Advisory
References (CONFIRM) https://support.apple.com/HT208112 - (CONFIRM) https://support.apple.com/HT208112 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html - Third Party Advisory (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html - Third Party Advisory (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4292-1/ - (UBUNTU) https://usn.ubuntu.com/4292-1/ - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3047 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3047 - Third Party Advisory
References (CONFIRM) https://support.apple.com/HT208144 - (CONFIRM) https://support.apple.com/HT208144 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1220 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:1220 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202007-54 - (GENTOO) https://security.gentoo.org/glsa/202007-54 - Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4246-1/ - (UBUNTU) https://usn.ubuntu.com/4246-1/ - Third Party Advisory
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1402348 - Issue Tracking (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1402348 - Issue Tracking, Patch, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html - Third Party Advisory (SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html - Mailing List, Third Party Advisory

Information

Published : 2017-05-23 04:29

Updated : 2022-06-22 17:17


NVD link : CVE-2016-9842

Mitre link : CVE-2016-9842


JSON object : View

Products Affected

oracle

  • jdk
  • database_server
  • mysql
  • jre

redhat

  • enterprise_linux_desktop
  • enterprise_linux_workstation
  • enterprise_linux_eus
  • satellite
  • enterprise_linux_server

apple

  • tvos
  • watchos
  • iphone_os
  • mac_os_x

gnu

  • zlib

canonical

  • ubuntu_linux

opensuse

  • leap
  • opensuse

debian

  • debian_linux