IM
IronMonkey Threat Research

CVE-2016-9842 HIGH

Published: 2017-05-23 | Last Modified: 2026-07-14 | Status: Modified

Description

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

Additional Descriptions (1)

La función inflateMark en inflate.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado a través de vectores que implican cambios a la izquierda de enteros negativos.

CVSS Metrics

Base Score: 8.8 (HIGH)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
ScopeUNCHANGED
Confidentiality ImpactHIGH
Integrity ImpactHIGH
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 2.8

Impact Score: 5.9

Base Score: 6.8 (MEDIUM)

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access VectorNETWORK
Access ComplexityMEDIUM
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 6.4

Weaknesses

Source Type Description
[email protected] Primary
en NVD-CWE-noinfo
134c704f-9b21-4f2e-91b3-4a467353bcc0 Secondary
en CWE-1335

Affected Products

Vendor Product Version Update Type
zlib zlib * <built-in method update of dict object at 0x702bdd6af780> Application
opensuse leap 42.1 <built-in method update of dict object at 0x702bdd6f47c0> Operating System
opensuse leap 42.2 <built-in method update of dict object at 0x702b80611f00> Operating System
opensuse opensuse 13.2 <built-in method update of dict object at 0x702bfc4209c0> Operating System
debian debian_linux 8.0 <built-in method update of dict object at 0x702bdd6ac380> Operating System
canonical ubuntu_linux 16.04 <built-in method update of dict object at 0x702bdd6aef00> Operating System
canonical ubuntu_linux 18.04 <built-in method update of dict object at 0x702b80611240> Operating System
oracle database_server 18c <built-in method update of dict object at 0x702b80610480> Application
oracle jdk 1.6.0 <built-in method update of dict object at 0x702b80613980> Application
oracle jdk 1.7.0 <built-in method update of dict object at 0x702bdd6ac840> Application
oracle jdk 1.8.0 <built-in method update of dict object at 0x702b80611740> Application
oracle jre 1.6.0 <built-in method update of dict object at 0x702bdd6f6680> Application
oracle jre 1.7.0 <built-in method update of dict object at 0x702bdd6ae880> Application
oracle jre 1.8.0 <built-in method update of dict object at 0x702bdd6ad000> Application
oracle mysql * <built-in method update of dict object at 0x702bdc60e500> Application
oracle mysql * <built-in method update of dict object at 0x702ba705e600> Application
oracle mysql * <built-in method update of dict object at 0x702bdd6aedc0> Application
oracle mysql * <built-in method update of dict object at 0x702b806125c0> Application
redhat satellite 5.8 <built-in method update of dict object at 0x702b80610a80> Application
redhat enterprise_linux_desktop 6.0 <built-in method update of dict object at 0x702bdd307240> Operating System
redhat enterprise_linux_desktop 7.0 <built-in method update of dict object at 0x702bdd6af6c0> Operating System
redhat enterprise_linux_eus 7.4 <built-in method update of dict object at 0x702bdd6f7e80> Operating System
redhat enterprise_linux_eus 7.5 <built-in method update of dict object at 0x702bdd6ac140> Operating System
redhat enterprise_linux_server 6.0 <built-in method update of dict object at 0x702b80613bc0> Operating System
redhat enterprise_linux_server 7.0 <built-in method update of dict object at 0x702bdd6adcc0> Operating System
redhat enterprise_linux_workstation 6.0 <built-in method update of dict object at 0x702bdd6ad8c0> Operating System
redhat enterprise_linux_workstation 7.0 <built-in method update of dict object at 0x702bdd6f4600> Operating System
apple iphone_os * <built-in method update of dict object at 0x702b80611e40> Operating System
apple mac_os_x * <built-in method update of dict object at 0x702ba705cb80> Operating System
apple tvos * <built-in method update of dict object at 0x702ba705c0c0> Operating System
apple watchos * <built-in method update of dict object at 0x702bdd6af240> Operating System
nodejs node.js * <built-in method update of dict object at 0x702bdc60f640> Application
nodejs node.js * <built-in method update of dict object at 0x702bdc60c3c0> Application
nodejs node.js * <built-in method update of dict object at 0x702bdc60cc80> Application
nodejs node.js * <built-in method update of dict object at 0x702bdc60dd40> Application
nodejs node.js * <built-in method update of dict object at 0x702bdc60ffc0> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Yes cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Yes cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Yes cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

References

Notification
Message here