8.8

CVE-2016-9842

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZlibZlib Version >= 1.2.3.4 < 1.2.9
OpensuseLeap Version42.1
OpensuseLeap Version42.2
OpensuseOpensuse Version13.2
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionesm
OracleDatabase Server Version18c
OracleJdk Version1.6.0 Updateupdate161
OracleJdk Version1.7.0 Updateupdate151
OracleJdk Version1.8.0 Updateupdate144
OracleJre Version1.6.0 Updateupdate161
OracleJre Version1.7.0 Updateupdate151
OracleJre Version1.8.0 Updateupdate144
OracleMysql Version >= 5.5.0 <= 5.5.61
OracleMysql Version >= 5.6.0 <= 5.6.41
OracleMysql Version >= 5.7.0 <= 5.7.23
OracleMysql Version >= 8.0.0 <= 8.0.12
RedhatSatellite Version5.8
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
AppleiPhone OS Version < 11
ApplemacOS X Version >= 10.0.0 < 10.13.0
AppletvOS Version < 11.0
ApplewatchOS Version < 4
NodejsNode.Js SwEdition- Version >= 4.0.0 <= 4.1.2
NodejsNode.Js SwEditionlts Version >= 4.2.0 < 4.8.2
NodejsNode.Js SwEdition- Version >= 6.0.0 <= 6.8.1
NodejsNode.Js SwEditionlts Version >= 6.9.0 < 6.10.2
NodejsNode.Js SwEdition- Version >= 7.0.0 < 7.6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.16% 0.914
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-1335 Incorrect Bitwise Shift of Integer

An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result.

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory
http://www.securitytracker.com/id/1039427
Third Party Advisory
Broken Link
VDB Entry
https://support.apple.com/HT208112
Third Party Advisory
https://support.apple.com/HT208113
Third Party Advisory
https://support.apple.com/HT208115
Third Party Advisory
https://support.apple.com/HT208144
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2999
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3046
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1220
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1221
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:1222
Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
Broken Link
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
Broken Link
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
Broken Link
http://www.openwall.com/lists/oss-security/2016/12/05/21
Patch
Mailing List
http://www.securityfocus.com/bid/95131
Third Party Advisory
Broken Link
VDB Entry
https://access.redhat.com/errata/RHSA-2017:3047
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201701-56
Third Party Advisory
https://security.gentoo.org/glsa/202007-54
Third Party Advisory
https://usn.ubuntu.com/4246-1/
Third Party Advisory
https://usn.ubuntu.com/4292-1/
Third Party Advisory
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
Third Party Advisory
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1402348
Patch
Issue Tracking
https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
Patch