9.8

CVE-2016-9843

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZlibZlib Version >= 1.2.0 < 1.2.9
OpensuseLeap Version42.1
OpensuseLeap Version42.2
OpensuseOpensuse Version13.2
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
OracleDatabase Server Version18c
OracleJdk Version1.6.0 Updateupdate161
OracleJdk Version1.7.0 Updateupdate151
OracleJdk Version1.8.0 Updateupdate144
OracleJre Version1.6.0 Updateupdate161
OracleJre Version1.7.0 Updateupdate151
OracleJre Version1.8.0 Updateupdate144
OracleMysql Version >= 5.5.0 <= 5.5.61
OracleMysql Version >= 5.6.0 <= 5.6.41
OracleMysql Version >= 5.7.0 <= 5.7.23
OracleMysql Version >= 8.0.0 <= 8.0.12
RedhatSatellite Version5.8
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
AppleiPhone OS Version < 11
ApplemacOS X Version >= 10.0.0 < 10.13.0
AppletvOS Version < 11.0
ApplewatchOS Version < 4
NetappActive Iq Unified Manager SwPlatformwindows Version >= 7.3
NetappActive Iq Unified Manager SwPlatformvmware_vsphere Version >= 9.5
NetappOncommand Insight Version-
NetappSnapcenter Version-
MariadbMariadb Version >= 5.5.0 < 5.5.62
MariadbMariadb Version >= 10.0.0 < 10.0.37
MariadbMariadb Version >= 10.1.0 < 10.1.37
MariadbMariadb Version >= 10.2.0 < 10.2.19
MariadbMariadb Version >= 10.3.0 < 10.3.11
NodejsNode.Js SwEdition- Version >= 4.0.0 <= 4.1.2
NodejsNode.Js SwEditionlts Version >= 4.2.0 < 4.8.2
NodejsNode.Js SwEdition- Version >= 6.0.0 <= 6.8.1
NodejsNode.Js SwEditionlts Version >= 6.9.0 < 6.10.2
NodejsNode.Js SwEdition- Version >= 7.0.0 < 7.6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.95% 0.923
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.oracle.com/security-alerts/cpujul2020.html
http://www.securitytracker.com/id/1039427
https://support.apple.com/HT208112
https://support.apple.com/HT208113
https://support.apple.com/HT208115
https://support.apple.com/HT208144
https://access.redhat.com/errata/RHSA-2017:2999
https://access.redhat.com/errata/RHSA-2017:3046
https://access.redhat.com/errata/RHSA-2017:3453
https://access.redhat.com/errata/RHSA-2017:1220
https://access.redhat.com/errata/RHSA-2017:1221
https://access.redhat.com/errata/RHSA-2017:1222
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
http://www.openwall.com/lists/oss-security/2016/12/05/21
http://www.securityfocus.com/bid/95131
https://access.redhat.com/errata/RHSA-2017:3047
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
https://security.gentoo.org/glsa/201701-56
https://security.gentoo.org/glsa/202007-54
https://usn.ubuntu.com/4246-1/
https://usn.ubuntu.com/4292-1/
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
http://www.securitytracker.com/id/1041888
https://bugzilla.redhat.com/show_bug.cgi?id=1402351
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
https://security.netapp.com/advisory/ntap-20181018-0002/