CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
References
Link Resource
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
http://www.openwall.com/lists/oss-security/2016/12/05/21
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/95131
http://www.securitytracker.com/id/1039427
https://access.redhat.com/errata/RHSA-2017:1220
https://access.redhat.com/errata/RHSA-2017:1221
https://access.redhat.com/errata/RHSA-2017:1222
https://access.redhat.com/errata/RHSA-2017:2999
https://access.redhat.com/errata/RHSA-2017:3046
https://access.redhat.com/errata/RHSA-2017:3047
https://access.redhat.com/errata/RHSA-2017:3453
https://bugzilla.redhat.com/show_bug.cgi?id=1402348
https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
https://security.gentoo.org/glsa/201701-56
https://security.gentoo.org/glsa/202007-54
https://support.apple.com/HT208112
https://support.apple.com/HT208113
https://support.apple.com/HT208115
https://support.apple.com/HT208144
https://usn.ubuntu.com/4246-1/
https://usn.ubuntu.com/4292-1/
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
https://www.oracle.com/security-alerts/cpujul2020.html
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:zlib:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Configuration 8 (hide)

OR cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

History

07 Nov 2023, 02:37

Type Values Removed Values Added
References (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory () https://www.oracle.com/security-alerts/cpujul2020.html -
References (BID) http://www.securityfocus.com/bid/95131 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/95131 -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3046 -
References (MLIST) http://www.openwall.com/lists/oss-security/2016/12/05/21 - Mailing List, Patch, Third Party Advisory, VDB Entry () http://www.openwall.com/lists/oss-security/2016/12/05/21 -
References (CONFIRM) https://support.apple.com/HT208115 - Third Party Advisory () https://support.apple.com/HT208115 -
References (GENTOO) https://security.gentoo.org/glsa/201701-56 - Third Party Advisory () https://security.gentoo.org/glsa/201701-56 -
References (SECTRACK) http://www.securitytracker.com/id/1039427 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1039427 -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1220 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:1220 -
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch, Third Party Advisory () http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html -
References (SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html -
References (CONFIRM) https://support.apple.com/HT208144 - Third Party Advisory () https://support.apple.com/HT208144 -
References (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html -
References (UBUNTU) https://usn.ubuntu.com/4292-1/ - Third Party Advisory () https://usn.ubuntu.com/4292-1/ -
References (CONFIRM) https://support.apple.com/HT208113 - Third Party Advisory () https://support.apple.com/HT208113 -
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1402348 - Issue Tracking, Patch, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=1402348 -
References (GENTOO) https://security.gentoo.org/glsa/202007-54 - Third Party Advisory () https://security.gentoo.org/glsa/202007-54 -
References (MISC) https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib - Third Party Advisory () https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib -
References (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html -
References (MLIST) https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html -
References (CONFIRM) https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958 - Patch, Vendor Advisory () https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958 -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3453 -
References (CONFIRM) https://support.apple.com/HT208112 - Third Party Advisory () https://support.apple.com/HT208112 -
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html -
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - Patch, Third Party Advisory () http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1221 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:1221 -
References (MISC) https://wiki.mozilla.org/images/0/09/Zlib-report.pdf - Exploit, Technical Description, Third Party Advisory () https://wiki.mozilla.org/images/0/09/Zlib-report.pdf -
References (UBUNTU) https://usn.ubuntu.com/4246-1/ - Third Party Advisory () https://usn.ubuntu.com/4246-1/ -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3047 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3047 -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:2999 -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1222 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:1222 -

16 Aug 2022, 13:02

Type Values Removed Values Added
CPE cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
First Time Nodejs
Nodejs node.js

22 Jun 2022, 17:17

Type Values Removed Values Added
First Time Redhat enterprise Linux Workstation
Oracle jre
Oracle database Server
Apple tvos
Oracle jdk
Redhat enterprise Linux Server
Canonical
Debian debian Linux
Apple watchos
Redhat enterprise Linux Desktop
Redhat enterprise Linux Eus
Oracle mysql
Apple iphone Os
Redhat
Debian
Apple
Redhat satellite
Canonical ubuntu Linux
Apple mac Os X
Oracle
CWE CWE-189 NVD-CWE-noinfo
CPE cpe:2.3:a:gnu:zlib:1.2.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:zlib:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
References (MLIST) https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html - (MLIST) https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html - Mailing List, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1221 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:1221 - Third Party Advisory
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - Patch, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1222 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:1222 - Third Party Advisory
References (CONFIRM) https://support.apple.com/HT208113 - (CONFIRM) https://support.apple.com/HT208113 - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2016/12/05/21 - Patch, Third Party Advisory, VDB Entry (MLIST) http://www.openwall.com/lists/oss-security/2016/12/05/21 - Mailing List, Patch, Third Party Advisory, VDB Entry
References (SECTRACK) http://www.securitytracker.com/id/1039427 - (SECTRACK) http://www.securitytracker.com/id/1039427 - Broken Link, Third Party Advisory, VDB Entry
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html - Mailing List, Third Party Advisory
References (CONFIRM) https://support.apple.com/HT208115 - (CONFIRM) https://support.apple.com/HT208115 - Third Party Advisory
References (CONFIRM) https://support.apple.com/HT208112 - (CONFIRM) https://support.apple.com/HT208112 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html - Third Party Advisory (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html - Third Party Advisory (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4292-1/ - (UBUNTU) https://usn.ubuntu.com/4292-1/ - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3047 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3047 - Third Party Advisory
References (CONFIRM) https://support.apple.com/HT208144 - (CONFIRM) https://support.apple.com/HT208144 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1220 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:1220 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202007-54 - (GENTOO) https://security.gentoo.org/glsa/202007-54 - Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4246-1/ - (UBUNTU) https://usn.ubuntu.com/4246-1/ - Third Party Advisory
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1402348 - Issue Tracking (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1402348 - Issue Tracking, Patch, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html - Third Party Advisory (SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html - Mailing List, Third Party Advisory

Information

Published : 2017-05-23 04:29

Updated : 2023-12-10 12:01


NVD link : CVE-2016-9842

Mitre link : CVE-2016-9842

CVE.ORG link : CVE-2016-9842


JSON object : View

Products Affected

gnu

  • zlib

debian

  • debian_linux

apple

  • watchos
  • tvos
  • mac_os_x
  • iphone_os

redhat

  • enterprise_linux_eus
  • satellite
  • enterprise_linux_workstation
  • enterprise_linux_server
  • enterprise_linux_desktop

oracle

  • database_server
  • jdk
  • mysql
  • jre

opensuse

  • leap
  • opensuse

canonical

  • ubuntu_linux

nodejs

  • node.js