IM
IronMonkey Threat Research

CVE-2016-9841 CRITICAL

Published: 2017-05-23 | Last Modified: 2026-07-14 | Status: Modified

Description

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Additional Descriptions (1)

inffast.c en zlib 1.2.8 puede permitir que atacantes dependientes del contexto causen un impacto no especificado aprovechando una aritmética de puntero incorrecta..

CVSS Metrics

Base Score: 9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 5.9

Base Score: 7.5 (HIGH)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.4

Weaknesses

Source Type Description
[email protected] Primary
en NVD-CWE-noinfo

Affected Products

Vendor Product Version Update Type
zlib zlib * <built-in method update of dict object at 0x702bdd6af780> Application
opensuse leap 42.1 <built-in method update of dict object at 0x702b80611d00> Operating System
opensuse leap 42.2 <built-in method update of dict object at 0x702b80613a80> Operating System
opensuse opensuse 13.2 <built-in method update of dict object at 0x702b80612480> Operating System
debian debian_linux 8.0 <built-in method update of dict object at 0x702bdd6ac640> Operating System
canonical ubuntu_linux 16.04 <built-in method update of dict object at 0x702bdd6aef00> Operating System
canonical ubuntu_linux 18.04 <built-in method update of dict object at 0x702ba705f640> Operating System
oracle database_server 18c <built-in method update of dict object at 0x702ba705ee40> Application
oracle jdk 1.6.0 <built-in method update of dict object at 0x702b80610600> Application
oracle jdk 1.7.0 <built-in method update of dict object at 0x702bdd6aeb40> Application
oracle jdk 1.8.0 <built-in method update of dict object at 0x702bdd6afb00> Application
oracle jre 1.6.0 <built-in method update of dict object at 0x702ba705ca80> Application
oracle jre 1.7.0 <built-in method update of dict object at 0x702b806113c0> Application
oracle jre 1.8.0 <built-in method update of dict object at 0x702ba705c240> Application
oracle mysql * <built-in method update of dict object at 0x702ba705e1c0> Application
oracle mysql * <built-in method update of dict object at 0x702ba705f9c0> Application
oracle mysql * <built-in method update of dict object at 0x702ba705e640> Application
oracle mysql * <built-in method update of dict object at 0x702bdc60ca00> Application
redhat satellite 5.8 <built-in method update of dict object at 0x702b80610f80> Application
redhat enterprise_linux_desktop 6.0 <built-in method update of dict object at 0x702ba705c040> Operating System
redhat enterprise_linux_desktop 7.0 <built-in method update of dict object at 0x702bdd307240> Operating System
redhat enterprise_linux_eus 7.4 <built-in method update of dict object at 0x702ba705d1c0> Operating System
redhat enterprise_linux_eus 7.5 <built-in method update of dict object at 0x702b80613640> Operating System
redhat enterprise_linux_server 6.0 <built-in method update of dict object at 0x702ba705f7c0> Operating System
redhat enterprise_linux_server 7.0 <built-in method update of dict object at 0x702b80610ec0> Operating System
redhat enterprise_linux_workstation 6.0 <built-in method update of dict object at 0x702ba705c4c0> Operating System
redhat enterprise_linux_workstation 7.0 <built-in method update of dict object at 0x702ba705f140> Operating System
apple iphone_os * <built-in method update of dict object at 0x702bdd6ac740> Operating System
apple mac_os_x * <built-in method update of dict object at 0x702ba705cc80> Operating System
apple tvos * <built-in method update of dict object at 0x702ba705ce80> Operating System
apple watchos * <built-in method update of dict object at 0x702ba705e740> Operating System
netapp active_iq_unified_manager * <built-in method update of dict object at 0x702bfc336ac0> Application
netapp active_iq_unified_manager * <built-in method update of dict object at 0x702bfc335280> Application
netapp cloud_backup - <built-in method update of dict object at 0x702bfc336240> Application
netapp e-series_santricity_management - <built-in method update of dict object at 0x702bfc337e00> Application
netapp e-series_santricity_management - <built-in method update of dict object at 0x702bfc334fc0> Application
netapp e-series_santricity_management - <built-in method update of dict object at 0x702bfc335380> Application
netapp e-series_santricity_os_controller * <built-in method update of dict object at 0x702bfc335400> Application
netapp e-series_santricity_storage_manager - <built-in method update of dict object at 0x702bfc337300> Application
netapp e-series_santricity_web_services - <built-in method update of dict object at 0x702bfc3371c0> Application
netapp oncommand_balance - <built-in method update of dict object at 0x702bfc3358c0> Application
netapp oncommand_insight - <built-in method update of dict object at 0x702bfc3355c0> Application
netapp oncommand_performance_manager - <built-in method update of dict object at 0x702bfc336f40> Application
netapp oncommand_shift - <built-in method update of dict object at 0x702bfc337000> Application
netapp oncommand_unified_manager * <built-in method update of dict object at 0x702bfc337040> Application
netapp oncommand_unified_manager * <built-in method update of dict object at 0x702bfc336a80> Application
netapp oncommand_unified_manager - <built-in method update of dict object at 0x702bfc335dc0> Application
netapp oncommand_workflow_automation - <built-in method update of dict object at 0x702bfc336940> Application
netapp snapmanager - <built-in method update of dict object at 0x702bfc336bc0> Application
netapp snapmanager - <built-in method update of dict object at 0x702bfc334840> Application
netapp solidfire - <built-in method update of dict object at 0x702bfc335f40> Application
netapp steelstore_cloud_integrated_storage - <built-in method update of dict object at 0x702bfc3341c0> Application
netapp storage_replication_adapter_for_clustered_data_ontap - <built-in method update of dict object at 0x702bfc3347c0> Application
netapp symantec_netbackup - <built-in method update of dict object at 0x702bfc337840> Application
netapp vasa_provider_for_clustered_data_ontap * <built-in method update of dict object at 0x702bfc335640> Application
netapp virtual_storage_console - <built-in method update of dict object at 0x702bfc3379c0> Application
netapp hci_storage_node - <built-in method update of dict object at 0x702bcaa95380> Hardware
nodejs node.js * <built-in method update of dict object at 0x702bdc50c7c0> Application
nodejs node.js * <built-in method update of dict object at 0x702bdd12b580> Application
nodejs node.js * <built-in method update of dict object at 0x702bdc50f4c0> Application
nodejs node.js * <built-in method update of dict object at 0x702b832eebc0> Application
nodejs node.js * <built-in method update of dict object at 0x702bdc50d700> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Yes cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
Yes cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
Yes cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_sra:*:*
Yes cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vasa:*:*
Yes cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*
Yes cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
Yes cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
Yes cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
Yes cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
Yes cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
Yes cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
Yes cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
Yes cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:-:*:*:*:*:vmware_vsphere:*:*
Yes cpe:2.3:a:netapp:symantec_netbackup:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:virtual_storage_console:-:*:*:*:*:vmware_vsphere:*:*
Yes cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

References

Notification
Message here