Lucene search

K

[email protected]CVE-2016-9843

HistoryMay 23, 2017 - 4:29 a.m.

CVE-2016-9843

2017-05-2304:29:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

336

2

cve-2016-9843

zlib

crc32_big

context-dependent

vector

big-endian

crc

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.1%

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

CPENameOperatorVersion
zlib:zlibzliblt1.2.9
opensuse:leapopensuse leapeq42.2
opensuse:leapopensuse leapeq42.1
opensuse:opensuseopensuseeq13.2
debian:debian_linuxdebian debian linuxeq8.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq18.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq16.04
oracle:mysqloracle mysqlle5.7.23
oracle:mysqloracle mysqlle8.0.12
oracle:mysqloracle mysqlle5.5.61

Rows per page:

1-10 of 451

References

lists.opensuse.org/opensuse-updates/2016-12/msg00127.html

lists.opensuse.org/opensuse-updates/2017-01/msg00050.html

lists.opensuse.org/opensuse-updates/2017-01/msg00053.html

www.openwall.com/lists/oss-security/2016/12/05/21

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.securityfocus.com/bid/95131

www.securitytracker.com/id/1039427

www.securitytracker.com/id/1041888

access.redhat.com/errata/RHSA-2017:1220

access.redhat.com/errata/RHSA-2017:1221

access.redhat.com/errata/RHSA-2017:1222

access.redhat.com/errata/RHSA-2017:2999

access.redhat.com/errata/RHSA-2017:3046

access.redhat.com/errata/RHSA-2017:3047

access.redhat.com/errata/RHSA-2017:3453

bugzilla.redhat.com/show_bug.cgi?id=1402351

github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811

lists.debian.org/debian-lts-announce/2019/03/msg00027.html

lists.debian.org/debian-lts-announce/2020/01/msg00030.html

security.gentoo.org/glsa/201701-56

security.gentoo.org/glsa/202007-54

security.netapp.com/advisory/ntap-20181018-0002/

support.apple.com/HT208112

support.apple.com/HT208113

support.apple.com/HT208115

support.apple.com/HT208144

usn.ubuntu.com/4246-1/

usn.ubuntu.com/4292-1/

wiki.mozilla.org/images/0/09/Zlib-report.pdf

wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib

www.oracle.com/security-alerts/cpujul2020.html

Social References

More

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.1%

Related for CVE-2016-9843

alpinelinux1 mariadbunix1 veracode1 osv4 ubuntucve1 prion1 debiancve1 nessus62 ibm54 amazon3 openvas45 cloudfoundry2 freebsd1 gentoo2 mageia2 debian2 ubuntu2 thn1 f51 photon2 slackware1 altlinux1 redhat3 suse5