IM
IronMonkey Threat Research

CVE-2016-9840 HIGH

Published: 2017-05-23 | Last Modified: 2026-07-14 | Status: Modified

Description

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Additional Descriptions (1)

Inftrees.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado al aprovechar la aritmética de puntero incorrecta.

CVSS Metrics

Base Score: 8.8 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 2.8

Impact Score: 5.9

Base Score: 6.8 (MEDIUM)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access VectorNETWORK
Access ComplexityMEDIUM
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 6.4

Weaknesses

Source Type Description
[email protected] Primary
en NVD-CWE-noinfo

Affected Products

Vendor Product Version Update Type
boost boost * <built-in method update of dict object at 0x702b80610f00> Application
zlib zlib * <built-in method update of dict object at 0x702bdc60f780> Application
opensuse leap 42.1 <built-in method update of dict object at 0x702b80612b80> Operating System
opensuse leap 42.2 <built-in method update of dict object at 0x702bdd12bd00> Operating System
opensuse opensuse 13.2 <built-in method update of dict object at 0x702b80613380> Operating System
debian debian_linux 8.0 <built-in method update of dict object at 0x702b80611200> Operating System
canonical ubuntu_linux 16.04 <built-in method update of dict object at 0x702b80613d40> Operating System
canonical ubuntu_linux 18.04 <built-in method update of dict object at 0x702b80610080> Operating System
oracle database_server 18c <built-in method update of dict object at 0x702b80612840> Application
oracle jdk 1.6.0 <built-in method update of dict object at 0x702b80613280> Application
oracle jdk 1.7.0 <built-in method update of dict object at 0x702b806100c0> Application
oracle jdk 1.8.0 <built-in method update of dict object at 0x702bdc60cb80> Application
oracle jre 1.6.0 <built-in method update of dict object at 0x702b80610680> Application
oracle jre 1.7.0 <built-in method update of dict object at 0x702b80612000> Application
oracle jre 1.8.0 <built-in method update of dict object at 0x702b80610540> Application
oracle mysql * <built-in method update of dict object at 0x702b806102c0> Application
oracle mysql * <built-in method update of dict object at 0x702b80611740> Application
oracle mysql * <built-in method update of dict object at 0x702b80610880> Application
oracle mysql * <built-in method update of dict object at 0x702b80613e00> Application
redhat satellite 5.8 <built-in method update of dict object at 0x702bdd12b580> Application
redhat enterprise_linux_desktop 6.0 <built-in method update of dict object at 0x702b80613840> Operating System
redhat enterprise_linux_desktop 7.0 <built-in method update of dict object at 0x702bdc60fb00> Operating System
redhat enterprise_linux_eus 7.4 <built-in method update of dict object at 0x702b80612d00> Operating System
redhat enterprise_linux_eus 7.5 <built-in method update of dict object at 0x702b80610700> Operating System
redhat enterprise_linux_server 6.0 <built-in method update of dict object at 0x702b80613ac0> Operating System
redhat enterprise_linux_server 7.0 <built-in method update of dict object at 0x702b80612e40> Operating System
redhat enterprise_linux_workstation 6.0 <built-in method update of dict object at 0x702bdd6f4600> Operating System
redhat enterprise_linux_workstation 7.0 <built-in method update of dict object at 0x702b80610200> Operating System
apple iphone_os * <built-in method update of dict object at 0x702b806112c0> Operating System
apple mac_os_x * <built-in method update of dict object at 0x702b80612a80> Operating System
apple tvos * <built-in method update of dict object at 0x702ba705fc00> Operating System
apple watchos * <built-in method update of dict object at 0x702b80612d40> Operating System
nodejs node.js * <built-in method update of dict object at 0x702ba705cf00> Application
nodejs node.js * <built-in method update of dict object at 0x702ba705f300> Application
nodejs node.js * <built-in method update of dict object at 0x702ba705e300> Application
nodejs node.js * <built-in method update of dict object at 0x702ba705dfc0> Application
nodejs node.js * <built-in method update of dict object at 0x702ba705e0c0> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:boost:boost:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Yes cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

References

Notification
Message here