CVE-2016-9843

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
http://www.openwall.com/lists/oss-security/2016/12/05/21
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/95131
http://www.securitytracker.com/id/1039427
http://www.securitytracker.com/id/1041888
https://access.redhat.com/errata/RHSA-2017:1220
https://access.redhat.com/errata/RHSA-2017:1221
https://access.redhat.com/errata/RHSA-2017:1222
https://access.redhat.com/errata/RHSA-2017:2999
https://access.redhat.com/errata/RHSA-2017:3046
https://access.redhat.com/errata/RHSA-2017:3047
https://access.redhat.com/errata/RHSA-2017:3453
https://bugzilla.redhat.com/show_bug.cgi?id=1402351
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
https://security.gentoo.org/glsa/201701-56
https://security.gentoo.org/glsa/202007-54
https://security.netapp.com/advisory/ntap-20181018-0002/
https://support.apple.com/HT208112
https://support.apple.com/HT208113
https://support.apple.com/HT208115
https://support.apple.com/HT208144
https://usn.ubuntu.com/4246-1/
https://usn.ubuntu.com/4292-1/
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
https://www.oracle.com/security-alerts/cpujul2020.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:opensuse:leap:42.1:::::::*
	cpe:2.3:o:opensuse:leap:42.2:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

Configuration 5 (hide)

OR	cpe:2.3:a:oracle:database_server:18c:::::::*
	cpe:2.3:a:oracle:jdk:1.6.0:update161::::::
	cpe:2.3:a:oracle:jdk:1.7.0:update151::::::
	cpe:2.3:a:oracle:jdk:1.8.0:update144::::::
	cpe:2.3:a:oracle:jre:1.6.0:update161::::::
	cpe:2.3:a:oracle:jre:1.7.0:update151::::::
	cpe:2.3:a:oracle:jre:1.8.0:update144::::::
	cpe:2.3:a:oracle:mysql::::::::
	cpe:2.3:a:oracle:mysql::::::::
	cpe:2.3:a:oracle:mysql::::::::
	cpe:2.3:a:oracle:mysql::::::::

Configuration 6 (hide)

OR	cpe:2.3:a:redhat:satellite:5.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 7 (hide)

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

Configuration 8 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::*
	cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:snapcenter:-:::::::*

Configuration 9 (hide)

OR	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::
	cpe:2.3:a:mariadb:mariadb::::::::

Configuration 10 (hide)

OR	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*
	cpe:2.3:a:nodejs:node.js:::::lts:::*
	cpe:2.3:a:nodejs:node.js:::::-:::*

History

07 Nov 2023, 02:37

16 Aug 2022, 13:02

Type	Values Removed	Values Added
CPE		cpe:2.3:a:nodejs:node.js:::::-:::* cpe:2.3:a:nodejs:node.js:::::lts:::*
First Time		Nodejs Nodejs node.js

27 Jun 2022, 16:40

Type	Values Removed	Values Added
First Time		Mariadb Mariadb mariadb
CPE		cpe:2.3:a:mariadb:mariadb::::::::

22 Jun 2022, 17:18

Information

Published : 2017-05-23 04:29

Updated : 2023-12-10 12:01

NVD link : CVE-2016-9843

Mitre link : CVE-2016-9843

CVE.ORG link : CVE-2016-9843

JSON object : View

Products Affected

netapp

snapcenter
oncommand_workflow_automation
oncommand_insight
active_iq_unified_manager

canonical

ubuntu_linux

opensuse

opensuse
leap

oracle

jdk
database_server
jre
mysql

redhat

enterprise_linux_server
enterprise_linux_desktop
enterprise_linux_eus
enterprise_linux_workstation
satellite

zlib

zlib

mariadb

mariadb

debian

debian_linux

apple

iphone_os
tvos
mac_os_x
watchos

nodejs

node.js

CWE

NVD-CWE-noinfo

Type	Values Removed	Values Added
References	~~(MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory~~	() https://www.oracle.com/security-alerts/cpujul2020.html -
References	~~(BID) http://www.securityfocus.com/bid/95131 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/95131 -
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2017:3046 -
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2016/12/05/21 - Mailing List, Patch, Third Party Advisory, VDB Entry~~	() http://www.openwall.com/lists/oss-security/2016/12/05/21 -
References	~~(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1402351 - Issue Tracking, Patch, Third Party Advisory~~	() https://bugzilla.redhat.com/show_bug.cgi?id=1402351 -
References	~~(CONFIRM) https://support.apple.com/HT208115 - Third Party Advisory~~	() https://support.apple.com/HT208115 -
References	~~(GENTOO) https://security.gentoo.org/glsa/201701-56 - Third Party Advisory~~	() https://security.gentoo.org/glsa/201701-56 -
References	~~(SECTRACK) http://www.securitytracker.com/id/1039427 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1039427 -
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:1220 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2017:1220 -
References	~~(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch, Third Party Advisory~~	() http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html -
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html -
References	~~(SECTRACK) http://www.securitytracker.com/id/1041888 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1041888 -
References	~~(CONFIRM) https://support.apple.com/HT208144 - Third Party Advisory~~	() https://support.apple.com/HT208144 -
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html -
References	~~(UBUNTU) https://usn.ubuntu.com/4292-1/ - Third Party Advisory~~	() https://usn.ubuntu.com/4292-1/ -
References	~~(CONFIRM) https://support.apple.com/HT208113 - Third Party Advisory~~	() https://support.apple.com/HT208113 -
References	~~(GENTOO) https://security.gentoo.org/glsa/202007-54 - Third Party Advisory~~	() https://security.gentoo.org/glsa/202007-54 -
References	~~(MISC) https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib - Third Party Advisory~~	() https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib -
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html -
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html - Mailing List, Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html -
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2017:3453 -
References	~~(CONFIRM) https://support.apple.com/HT208112 - Third Party Advisory~~	() https://support.apple.com/HT208112 -
References	~~(CONFIRM) https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811 - Patch, Third Party Advisory~~	() https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811 -
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html - Mailing List, Third Party Advisory~~	() https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html -
References	~~(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - Patch, Third Party Advisory~~	() http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html -
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:1221 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2017:1221 -
References	~~(MISC) https://wiki.mozilla.org/images/0/09/Zlib-report.pdf - Exploit, Technical Description, Third Party Advisory~~	() https://wiki.mozilla.org/images/0/09/Zlib-report.pdf -
References	~~(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch, Third Party Advisory~~	() http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html -
References	~~(UBUNTU) https://usn.ubuntu.com/4246-1/ - Third Party Advisory~~	() https://usn.ubuntu.com/4246-1/ -
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:3047 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2017:3047 -
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2017:2999 -
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20181018-0002/ - Third Party Advisory~~	() https://security.netapp.com/advisory/ntap-20181018-0002/ -
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:1222 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2017:1222 -

Type	Values Removed	Values Added
CWE	~~CWE-189~~	NVD-CWE-noinfo
First Time		Redhat enterprise Linux Workstation Oracle jre Oracle database Server Apple tvos Oracle jdk Redhat enterprise Linux Server Zlib zlib Canonical Netapp Netapp snapcenter Debian debian Linux Apple watchos Redhat enterprise Linux Desktop Redhat enterprise Linux Eus Oracle mysql Apple iphone Os Redhat Debian Apple Redhat satellite Canonical ubuntu Linux Netapp oncommand Workflow Automation Apple mac Os X Netapp oncommand Insight Zlib Oracle Netapp active Iq Unified Manager
CPE	cpe:2.3:a:gnu:zlib:1.2.8:::::::*	cpe:2.3:a:oracle:jre:1.6.0:update161:::::: cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts::: cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:a:netapp:oncommand_insight:-:::::::* cpe:2.3:a:oracle:jdk:1.7.0:update151:::::: cpe:2.3:a:netapp:snapcenter:-:::::::* cpe:2.3:a:oracle:database_server:18c:::::::* cpe:2.3:a:netapp:active_iq_unified_manager::::::vmware_vsphere::* cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:a:netapp:active_iq_unified_manager::::::windows::* cpe:2.3:a:zlib:zlib:::::::: cpe:2.3:a:oracle:mysql:::::::: cpe:2.3:a:oracle:jdk:1.6.0:update161:::::: cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::* cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::* cpe:2.3:a:oracle:jre:1.8.0:update144:::::: cpe:2.3:o:redhat:enterprise_linux_eus:7.5:::::::* cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::* cpe:2.3:o:debian:debian_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::* cpe:2.3:a:oracle:jre:1.7.0:update151:::::: cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::* cpe:2.3:o:apple:watchos:::::::: cpe:2.3:a:oracle:jdk:1.8.0:update144:::::: cpe:2.3:a:redhat:satellite:5.8:::::::* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:::::::* cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html - Mailing List, Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:1221 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:1221 - Third Party Advisory
References	~~(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1402351 - Issue Tracking, Patch~~	(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1402351 - Issue Tracking, Patch, Third Party Advisory
References	~~(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html -~~	(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - Patch, Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:1222 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:1222 - Third Party Advisory
References	~~(CONFIRM) https://support.apple.com/HT208113 -~~	(CONFIRM) https://support.apple.com/HT208113 - Third Party Advisory
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2016/12/05/21 - Patch, Third Party Advisory, VDB Entry~~	(MLIST) http://www.openwall.com/lists/oss-security/2016/12/05/21 - Mailing List, Patch, Third Party Advisory, VDB Entry
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20181018-0002/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20181018-0002/ - Third Party Advisory
References	~~(SECTRACK) http://www.securitytracker.com/id/1039427 -~~	(SECTRACK) http://www.securitytracker.com/id/1039427 - Third Party Advisory, VDB Entry
References	~~(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html -~~	(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch, Third Party Advisory
References	~~(SECTRACK) http://www.securitytracker.com/id/1041888 -~~	(SECTRACK) http://www.securitytracker.com/id/1041888 - Third Party Advisory, VDB Entry
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory
References	~~(MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html -~~	(MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html - Mailing List, Third Party Advisory
References	~~(CONFIRM) https://support.apple.com/HT208115 -~~	(CONFIRM) https://support.apple.com/HT208115 - Third Party Advisory
References	~~(CONFIRM) https://support.apple.com/HT208112 -~~	(CONFIRM) https://support.apple.com/HT208112 - Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html - Third Party Advisory~~	(SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html - Mailing List, Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html - Third Party Advisory~~	(SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html - Mailing List, Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4292-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4292-1/ - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:3047 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:3047 - Third Party Advisory
References	~~(CONFIRM) https://support.apple.com/HT208144 -~~	(CONFIRM) https://support.apple.com/HT208144 - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:1220 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:1220 - Third Party Advisory
References	~~(REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 -~~	(REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 - Third Party Advisory
References	~~(GENTOO) https://security.gentoo.org/glsa/202007-54 -~~	(GENTOO) https://security.gentoo.org/glsa/202007-54 - Third Party Advisory
References	~~(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html -~~	(CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch, Third Party Advisory
References	~~(MISC) https://www.oracle.com/security-alerts/cpujul2020.html -~~	(MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory
References	~~(UBUNTU) https://usn.ubuntu.com/4246-1/ -~~	(UBUNTU) https://usn.ubuntu.com/4246-1/ - Third Party Advisory
References	~~(CONFIRM) https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811 - Patch, Vendor Advisory~~	(CONFIRM) https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811 - Patch, Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html - Third Party Advisory~~	(SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html - Mailing List, Third Party Advisory

9.8 /10