inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Inftrees.c en zlib 1.2.8 podrÃa permitir que los atacantes dependientes del contexto tener un impacto no especificado al aprovechar la aritmética de puntero incorrecta.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:N/AC:M/Au:N/C:P/I:P/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
NVD-CWE-noinfo
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| boost | boost | * | <built-in method update of dict object at 0x702b80610f00> | Application |
| zlib | zlib | * | <built-in method update of dict object at 0x702bdc60f780> | Application |
| opensuse | leap | 42.1 | <built-in method update of dict object at 0x702b80612b80> | Operating System |
| opensuse | leap | 42.2 | <built-in method update of dict object at 0x702bdd12bd00> | Operating System |
| opensuse | opensuse | 13.2 | <built-in method update of dict object at 0x702b80613380> | Operating System |
| debian | debian_linux | 8.0 | <built-in method update of dict object at 0x702b80611200> | Operating System |
| canonical | ubuntu_linux | 16.04 | <built-in method update of dict object at 0x702b80613d40> | Operating System |
| canonical | ubuntu_linux | 18.04 | <built-in method update of dict object at 0x702b80610080> | Operating System |
| oracle | database_server | 18c | <built-in method update of dict object at 0x702b80612840> | Application |
| oracle | jdk | 1.6.0 | <built-in method update of dict object at 0x702b80613280> | Application |
| oracle | jdk | 1.7.0 | <built-in method update of dict object at 0x702b806100c0> | Application |
| oracle | jdk | 1.8.0 | <built-in method update of dict object at 0x702bdc60cb80> | Application |
| oracle | jre | 1.6.0 | <built-in method update of dict object at 0x702b80610680> | Application |
| oracle | jre | 1.7.0 | <built-in method update of dict object at 0x702b80612000> | Application |
| oracle | jre | 1.8.0 | <built-in method update of dict object at 0x702b80610540> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x702b806102c0> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x702b80611740> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x702b80610880> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x702b80613e00> | Application |
| redhat | satellite | 5.8 | <built-in method update of dict object at 0x702bdd12b580> | Application |
| redhat | enterprise_linux_desktop | 6.0 | <built-in method update of dict object at 0x702b80613840> | Operating System |
| redhat | enterprise_linux_desktop | 7.0 | <built-in method update of dict object at 0x702bdc60fb00> | Operating System |
| redhat | enterprise_linux_eus | 7.4 | <built-in method update of dict object at 0x702b80612d00> | Operating System |
| redhat | enterprise_linux_eus | 7.5 | <built-in method update of dict object at 0x702b80610700> | Operating System |
| redhat | enterprise_linux_server | 6.0 | <built-in method update of dict object at 0x702b80613ac0> | Operating System |
| redhat | enterprise_linux_server | 7.0 | <built-in method update of dict object at 0x702b80612e40> | Operating System |
| redhat | enterprise_linux_workstation | 6.0 | <built-in method update of dict object at 0x702bdd6f4600> | Operating System |
| redhat | enterprise_linux_workstation | 7.0 | <built-in method update of dict object at 0x702b80610200> | Operating System |
| apple | iphone_os | * | <built-in method update of dict object at 0x702b806112c0> | Operating System |
| apple | mac_os_x | * | <built-in method update of dict object at 0x702b80612a80> | Operating System |
| apple | tvos | * | <built-in method update of dict object at 0x702ba705fc00> | Operating System |
| apple | watchos | * | <built-in method update of dict object at 0x702b80612d40> | Operating System |
| nodejs | node.js | * | <built-in method update of dict object at 0x702ba705cf00> | Application |
| nodejs | node.js | * | <built-in method update of dict object at 0x702ba705f300> | Application |
| nodejs | node.js | * | <built-in method update of dict object at 0x702ba705e300> | Application |
| nodejs | node.js | * | <built-in method update of dict object at 0x702ba705dfc0> | Application |
| nodejs | node.js | * | <built-in method update of dict object at 0x702ba705e0c0> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:boost:boost:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* |
| Yes | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |