The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
La función inflateMark en inflate.c en zlib 1.2.8 podría permitir que los atacantes dependientes del contexto tener un impacto no especificado a través de vectores que implican cambios a la izquierda de enteros negativos.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:N/AC:M/Au:N/C:P/I:P/A:P
| Access Vector | NETWORK |
|---|---|
| Access Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
NVD-CWE-noinfo
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary |
en
CWE-1335
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| zlib | zlib | * | <built-in method update of dict object at 0x702bdd6af780> | Application |
| opensuse | leap | 42.1 | <built-in method update of dict object at 0x702bdd6f47c0> | Operating System |
| opensuse | leap | 42.2 | <built-in method update of dict object at 0x702b80611f00> | Operating System |
| opensuse | opensuse | 13.2 | <built-in method update of dict object at 0x702bfc4209c0> | Operating System |
| debian | debian_linux | 8.0 | <built-in method update of dict object at 0x702bdd6ac380> | Operating System |
| canonical | ubuntu_linux | 16.04 | <built-in method update of dict object at 0x702bdd6aef00> | Operating System |
| canonical | ubuntu_linux | 18.04 | <built-in method update of dict object at 0x702b80611240> | Operating System |
| oracle | database_server | 18c | <built-in method update of dict object at 0x702b80610480> | Application |
| oracle | jdk | 1.6.0 | <built-in method update of dict object at 0x702b80613980> | Application |
| oracle | jdk | 1.7.0 | <built-in method update of dict object at 0x702bdd6ac840> | Application |
| oracle | jdk | 1.8.0 | <built-in method update of dict object at 0x702b80611740> | Application |
| oracle | jre | 1.6.0 | <built-in method update of dict object at 0x702bdd6f6680> | Application |
| oracle | jre | 1.7.0 | <built-in method update of dict object at 0x702bdd6ae880> | Application |
| oracle | jre | 1.8.0 | <built-in method update of dict object at 0x702bdd6ad000> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x702bdc60e500> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x702ba705e600> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x702bdd6aedc0> | Application |
| oracle | mysql | * | <built-in method update of dict object at 0x702b806125c0> | Application |
| redhat | satellite | 5.8 | <built-in method update of dict object at 0x702b80610a80> | Application |
| redhat | enterprise_linux_desktop | 6.0 | <built-in method update of dict object at 0x702bdd307240> | Operating System |
| redhat | enterprise_linux_desktop | 7.0 | <built-in method update of dict object at 0x702bdd6af6c0> | Operating System |
| redhat | enterprise_linux_eus | 7.4 | <built-in method update of dict object at 0x702bdd6f7e80> | Operating System |
| redhat | enterprise_linux_eus | 7.5 | <built-in method update of dict object at 0x702bdd6ac140> | Operating System |
| redhat | enterprise_linux_server | 6.0 | <built-in method update of dict object at 0x702b80613bc0> | Operating System |
| redhat | enterprise_linux_server | 7.0 | <built-in method update of dict object at 0x702bdd6adcc0> | Operating System |
| redhat | enterprise_linux_workstation | 6.0 | <built-in method update of dict object at 0x702bdd6ad8c0> | Operating System |
| redhat | enterprise_linux_workstation | 7.0 | <built-in method update of dict object at 0x702bdd6f4600> | Operating System |
| apple | iphone_os | * | <built-in method update of dict object at 0x702b80611e40> | Operating System |
| apple | mac_os_x | * | <built-in method update of dict object at 0x702ba705cb80> | Operating System |
| apple | tvos | * | <built-in method update of dict object at 0x702ba705c0c0> | Operating System |
| apple | watchos | * | <built-in method update of dict object at 0x702bdd6af240> | Operating System |
| nodejs | node.js | * | <built-in method update of dict object at 0x702bdc60f640> | Application |
| nodejs | node.js | * | <built-in method update of dict object at 0x702bdc60c3c0> | Application |
| nodejs | node.js | * | <built-in method update of dict object at 0x702bdc60cc80> | Application |
| nodejs | node.js | * | <built-in method update of dict object at 0x702bdc60dd40> | Application |
| nodejs | node.js | * | <built-in method update of dict object at 0x702bdc60ffc0> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* |
| Yes | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
| Yes | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |