8.8

CVE-2016-9840

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BoostBoost Version < 1.78.0
ZlibZlib Version >= 1.2.0.6 < 1.2.9
OpensuseLeap Version42.1
OpensuseLeap Version42.2
OpensuseOpensuse Version13.2
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionesm
OracleDatabase Server Version18c
OracleJdk Version1.6.0 Updateupdate161
OracleJdk Version1.7.0 Updateupdate151
OracleJdk Version1.8.0 Updateupdate144
OracleJre Version1.6.0 Updateupdate161
OracleJre Version1.7.0 Updateupdate151
OracleJre Version1.8.0 Updateupdate144
OracleMysql Version >= 5.5.0 <= 5.5.61
OracleMysql Version >= 5.6.0 <= 5.6.41
OracleMysql Version >= 5.7.0 <= 5.7.23
OracleMysql Version >= 8.0.0 <= 8.0.12
RedhatSatellite Version5.8
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
AppleiPhone OS Version < 11
ApplemacOS X Version >= 10.0.0 < 10.13.0
AppletvOS Version < 11.0
ApplewatchOS Version < 4
NodejsNode.Js SwEdition- Version >= 4.0.0 <= 4.1.2
NodejsNode.Js SwEditionlts Version >= 4.2.0 < 4.8.2
NodejsNode.Js SwEdition- Version >= 6.0.0 <= 6.8.1
NodejsNode.Js SwEditionlts Version >= 6.9.0 < 6.10.2
NodejsNode.Js SwEdition- Version >= 7.0.0 < 7.6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.79% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory
http://www.securitytracker.com/id/1039427
Broken Link
https://support.apple.com/HT208112
Third Party Advisory
https://support.apple.com/HT208113
Third Party Advisory
https://support.apple.com/HT208115
Third Party Advisory
https://support.apple.com/HT208144
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2999
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1220
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1221
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1222
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/12/05/21
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/95131
Broken Link
https://access.redhat.com/errata/RHSA-2017:3047
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1402345
Third Party Advisory
Issue Tracking
https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201701-56
Third Party Advisory
https://security.gentoo.org/glsa/202007-54
Third Party Advisory
https://usn.ubuntu.com/4246-1/
Third Party Advisory
https://usn.ubuntu.com/4292-1/
Third Party Advisory
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
Third Party Advisory
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
Broken Link