inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
inffast.c en zlib 1.2.8 puede permitir que atacantes dependientes del contexto causen un impacto no especificado aprovechando una aritmética de puntero incorrecta..
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:N/AC:L/Au:N/C:P/I:P/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
NVD-CWE-noinfo
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| zlib | zlib | * | <built-in method update of dict object at 0x702bdd6af780> | Application |
| opensuse | leap | 42.1 | <built-in method update of dict object at 0x702b80611d00> | Operating System |
| opensuse | leap | 42.2 | <built-in method update of dict object at 0x702b80613a80> | Operating System |
| opensuse | opensuse | 13.2 | <built-in method update of dict object at 0x702b80612480> | Operating System |
| debian | debian_linux | 8.0 | <built-in method update of dict object at 0x702bdd6ac640> | Operating System |
| canonical | ubuntu_linux | 16.04 | <built-in method update of dict object at 0x702bdd6aef00> | Operating System |
| canonical | ubuntu_linux | 18.04 | <built-in method update of dict object at 0x702ba705f640> | Operating System |
| oracle | database_server | 18c | <built-in method update of dict object at 0x702ba705ee40> | Application |
| oracle | jdk | 1.6.0 | <built-in method update of dict object at 0x702b80610600> | Application |
| oracle | jdk | 1.7.0 | <built-in method update of dict object at 0x702bdd6aeb40> | Application |
| oracle | jdk | 1.8.0 | <built-in method update of dict object at 0x702bdd6afb00> | Application |
| oracle | jre | 1.6.0 | <built-in method update of dict object at 0x702ba705ca80> | Application |
| oracle | jre | 1.7.0 | <built-in method update of dict object at 0x702b806113c0> | Application |
| oracle | jre | 1.8.0 | <built-in method update of dict object at 0x702ba705c240> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x702ba705e1c0> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x702ba705f9c0> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x702ba705e640> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x702bdc60ca00> | Application |
| redhat | satellite | 5.8 | <built-in method update of dict object at 0x702b80610f80> | Application |
| redhat | enterprise_linux_desktop | 6.0 | <built-in method update of dict object at 0x702ba705c040> | Operating System |
| redhat | enterprise_linux_desktop | 7.0 | <built-in method update of dict object at 0x702bdd307240> | Operating System |
| redhat | enterprise_linux_eus | 7.4 | <built-in method update of dict object at 0x702ba705d1c0> | Operating System |
| redhat | enterprise_linux_eus | 7.5 | <built-in method update of dict object at 0x702b80613640> | Operating System |
| redhat | enterprise_linux_server | 6.0 | <built-in method update of dict object at 0x702ba705f7c0> | Operating System |
| redhat | enterprise_linux_server | 7.0 | <built-in method update of dict object at 0x702b80610ec0> | Operating System |
| redhat | enterprise_linux_workstation | 6.0 | <built-in method update of dict object at 0x702ba705c4c0> | Operating System |
| redhat | enterprise_linux_workstation | 7.0 | <built-in method update of dict object at 0x702ba705f140> | Operating System |
| apple | iphone_os | * | <built-in method update of dict object at 0x702bdd6ac740> | Operating System |
| apple | mac_os_x | * | <built-in method update of dict object at 0x702ba705cc80> | Operating System |
| apple | tvos | * | <built-in method update of dict object at 0x702ba705ce80> | Operating System |
| apple | watchos | * | <built-in method update of dict object at 0x702ba705e740> | Operating System |
| netapp | active_iq_unified_manager | * | <built-in method update of dict object at 0x702bfc336ac0> | Application |
| netapp | active_iq_unified_manager | * | <built-in method update of dict object at 0x702bfc335280> | Application |
| netapp | cloud_backup | - | <built-in method update of dict object at 0x702bfc336240> | Application |
| netapp | e-series_santricity_management | - | <built-in method update of dict object at 0x702bfc337e00> | Application |
| netapp | e-series_santricity_management | - | <built-in method update of dict object at 0x702bfc334fc0> | Application |
| netapp | e-series_santricity_management | - | <built-in method update of dict object at 0x702bfc335380> | Application |
| netapp | e-series_santricity_os_controller | * | <built-in method update of dict object at 0x702bfc335400> | Application |
| netapp | e-series_santricity_storage_manager | - | <built-in method update of dict object at 0x702bfc337300> | Application |
| netapp | e-series_santricity_web_services | - | <built-in method update of dict object at 0x702bfc3371c0> | Application |
| netapp | oncommand_balance | - | <built-in method update of dict object at 0x702bfc3358c0> | Application |
| netapp | oncommand_insight | - | <built-in method update of dict object at 0x702bfc3355c0> | Application |
| netapp | oncommand_performance_manager | - | <built-in method update of dict object at 0x702bfc336f40> | Application |
| netapp | oncommand_shift | - | <built-in method update of dict object at 0x702bfc337000> | Application |
| netapp | oncommand_unified_manager | * | <built-in method update of dict object at 0x702bfc337040> | Application |
| netapp | oncommand_unified_manager | * | <built-in method update of dict object at 0x702bfc336a80> | Application |
| netapp | oncommand_unified_manager | - | <built-in method update of dict object at 0x702bfc335dc0> | Application |
| netapp | oncommand_workflow_automation | - | <built-in method update of dict object at 0x702bfc336940> | Application |
| netapp | snapmanager | - | <built-in method update of dict object at 0x702bfc336bc0> | Application |
| netapp | snapmanager | - | <built-in method update of dict object at 0x702bfc334840> | Application |
| netapp | solidfire | - | <built-in method update of dict object at 0x702bfc335f40> | Application |
| netapp | steelstore_cloud_integrated_storage | - | <built-in method update of dict object at 0x702bfc3341c0> | Application |
| netapp | storage_replication_adapter_for_clustered_data_ontap | - | <built-in method update of dict object at 0x702bfc3347c0> | Application |
| netapp | symantec_netbackup | - | <built-in method update of dict object at 0x702bfc337840> | Application |
| netapp | vasa_provider_for_clustered_data_ontap | * | <built-in method update of dict object at 0x702bfc335640> | Application |
| netapp | virtual_storage_console | - | <built-in method update of dict object at 0x702bfc3379c0> | Application |
| netapp | hci_storage_node | - | <built-in method update of dict object at 0x702bcaa95380> | Hardware |
| nodejs | node.js | * | <built-in method update of dict object at 0x702bdc50c7c0> | Application |
| nodejs | node.js | * | <built-in method update of dict object at 0x702bdd12b580> | Application |
| nodejs | node.js | * | <built-in method update of dict object at 0x702bdc50f4c0> | Application |
| nodejs | node.js | * | <built-in method update of dict object at 0x702b832eebc0> | Application |
| nodejs | node.js | * | <built-in method update of dict object at 0x702bdc50d700> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* |
| Yes | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:* |
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_sra:*:* |
| Yes | cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vasa:*:* |
| Yes | cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:* |
| Yes | cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:* |
| Yes | cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:* |
| Yes | cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:-:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:a:netapp:symantec_netbackup:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:virtual_storage_console:-:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |