CVE-2016-9843

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2016-9843
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib Third Party Advisory
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf Exploit Technical Description Third Party Advisory
https://security.gentoo.org/glsa/201701-56 Third Party Advisory
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811 Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1402351 Issue Tracking Patch Third Party Advisory
http://www.securityfocus.com/bid/95131 Third Party Advisory VDB Entry
http://www.openwall.com/lists/oss-security/2016/12/05/21 Mailing List Patch Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html Mailing List Third Party Advisory
http://www.securitytracker.com/id/1039427 Third Party Advisory VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html Patch Third Party Advisory
https://support.apple.com/HT208144 Third Party Advisory
https://support.apple.com/HT208115 Third Party Advisory
https://support.apple.com/HT208113 Third Party Advisory
https://support.apple.com/HT208112 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3047 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2999 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1222 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1221 Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1220 Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html Patch Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html Patch Third Party Advisory
http://www.securitytracker.com/id/1041888 Third Party Advisory VDB Entry
https://security.netapp.com/advisory/ntap-20181018-0002/ Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html Mailing List Third Party Advisory
https://usn.ubuntu.com/4246-1/ Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html Mailing List Third Party Advisory
https://usn.ubuntu.com/4292-1/ Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html Third Party Advisory
https://security.gentoo.org/glsa/202007-54 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 8 (hide)

OR cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*

Configuration 9 (hide)

OR cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

Configuration 10 (hide)

OR cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
History

16 Aug 2022, 13:02

Type Values Removed Values Added
CPE cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
First Time Nodejs
Nodejs node.js

27 Jun 2022, 16:40

Type Values Removed Values Added
First Time Mariadb
Mariadb mariadb
CPE cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*

22 Jun 2022, 17:18

Type Values Removed Values Added
CWE CWE-189 NVD-CWE-noinfo
First Time Redhat enterprise Linux Workstation
Oracle jre
Oracle database Server
Apple tvos
Oracle jdk
Redhat enterprise Linux Server
Zlib zlib
Canonical
Netapp
Netapp snapcenter
Debian debian Linux
Apple watchos
Redhat enterprise Linux Desktop
Redhat enterprise Linux Eus
Oracle mysql
Apple iphone Os
Redhat
Debian
Apple
Redhat satellite
Canonical ubuntu Linux
Netapp oncommand Workflow Automation
Apple mac Os X
Netapp oncommand Insight
Zlib
Oracle
Netapp active Iq Unified Manager
CPE cpe:2.3:a:gnu:zlib:1.2.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
References (MLIST) https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html - (MLIST) https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html - Mailing List, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1221 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:1221 - Third Party Advisory
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1402351 - Issue Tracking, Patch (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1402351 - Issue Tracking, Patch, Third Party Advisory
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - Patch, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1222 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:1222 - Third Party Advisory
References (CONFIRM) https://support.apple.com/HT208113 - (CONFIRM) https://support.apple.com/HT208113 - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2016/12/05/21 - Patch, Third Party Advisory, VDB Entry (MLIST) http://www.openwall.com/lists/oss-security/2016/12/05/21 - Mailing List, Patch, Third Party Advisory, VDB Entry
References (CONFIRM) https://security.netapp.com/advisory/ntap-20181018-0002/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20181018-0002/ - Third Party Advisory
References (SECTRACK) http://www.securitytracker.com/id/1039427 - (SECTRACK) http://www.securitytracker.com/id/1039427 - Third Party Advisory, VDB Entry
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch, Third Party Advisory
References (SECTRACK) http://www.securitytracker.com/id/1041888 - (SECTRACK) http://www.securitytracker.com/id/1041888 - Third Party Advisory, VDB Entry
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html - Mailing List, Third Party Advisory
References (CONFIRM) https://support.apple.com/HT208115 - (CONFIRM) https://support.apple.com/HT208115 - Third Party Advisory
References (CONFIRM) https://support.apple.com/HT208112 - (CONFIRM) https://support.apple.com/HT208112 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html - Third Party Advisory (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html - Mailing List, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html - Third Party Advisory (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html - Mailing List, Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4292-1/ - (UBUNTU) https://usn.ubuntu.com/4292-1/ - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3047 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3047 - Third Party Advisory
References (CONFIRM) https://support.apple.com/HT208144 - (CONFIRM) https://support.apple.com/HT208144 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1220 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:1220 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 - (REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202007-54 - (GENTOO) https://security.gentoo.org/glsa/202007-54 - Third Party Advisory
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html - Patch, Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/4246-1/ - (UBUNTU) https://usn.ubuntu.com/4246-1/ - Third Party Advisory
References (CONFIRM) https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811 - Patch, Vendor Advisory (CONFIRM) https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811 - Patch, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html - Third Party Advisory (SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html - Mailing List, Third Party Advisory
Information

Published : 2017-05-23 04:29

Updated : 2022-08-16 13:02

NVD link : CVE-2016-9843

Mitre link : CVE-2016-9843

JSON object : View

Products Affected

canonical

  • ubuntu_linux

zlib

  • zlib

opensuse

  • leap
  • opensuse

apple

  • tvos
  • watchos
  • mac_os_x
  • iphone_os

netapp

  • snapcenter
  • oncommand_workflow_automation
  • oncommand_insight
  • active_iq_unified_manager

redhat

  • enterprise_linux_eus
  • satellite
  • enterprise_linux_desktop
  • enterprise_linux_server
  • enterprise_linux_workstation

oracle

  • jre
  • jdk
  • mysql
  • database_server

nodejs

  • node.js

mariadb

  • mariadb

debian

  • debian_linux
CWE
NVD-CWE-noinfo