CVE-2016-9840
zlib: Out-of-bounds pointer arithmetic in inftrees.c
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Inftrees.c en zlib 1.2.8 podrÃa permitir que los atacantes dependientes del contexto tener un impacto no especificado al aprovechar la aritmética de puntero incorrecta.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-12-05 CVE Reserved
- 2017-01-23 CVE Published
- 2024-07-15 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (31)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html | 2023-11-07 | |
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html | 2023-11-07 | |
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:1220 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:1221 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:1222 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:2999 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:3046 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:3047 | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2017:3453 | 2023-11-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1402345 | 2017-12-13 | |
https://security.gentoo.org/glsa/201701-56 | 2023-11-07 | |
https://security.gentoo.org/glsa/202007-54 | 2023-11-07 | |
https://usn.ubuntu.com/4246-1 | 2023-11-07 | |
https://usn.ubuntu.com/4292-1 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2016-9840 | 2017-12-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Zlib Search vendor "Zlib" | Zlib Search vendor "Zlib" for product "Zlib" | >= 1.2.0.6 < 1.2.9 Search vendor "Zlib" for product "Zlib" and version " >= 1.2.0.6 < 1.2.9" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.1 Search vendor "Opensuse" for product "Leap" and version "42.1" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.2 Search vendor "Opensuse" for product "Leap" and version "42.2" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 18c Search vendor "Oracle" for product "Database Server" and version "18c" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.6.0 Search vendor "Oracle" for product "Jdk" and version "1.6.0" | update161 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.7.0 Search vendor "Oracle" for product "Jdk" and version "1.7.0" | update151 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jdk Search vendor "Oracle" for product "Jdk" | 1.8.0 Search vendor "Oracle" for product "Jdk" and version "1.8.0" | update144 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.6.0 Search vendor "Oracle" for product "Jre" and version "1.6.0" | update161 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.7.0 Search vendor "Oracle" for product "Jre" and version "1.7.0" | update151 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Jre Search vendor "Oracle" for product "Jre" | 1.8.0 Search vendor "Oracle" for product "Jre" and version "1.8.0" | update144 |
Affected
| ||||||
Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 5.5.0 <= 5.5.61 Search vendor "Oracle" for product "Mysql" and version " >= 5.5.0 <= 5.5.61" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 5.6.0 <= 5.6.41 Search vendor "Oracle" for product "Mysql" and version " >= 5.6.0 <= 5.6.41" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 5.7.0 <= 5.7.23 Search vendor "Oracle" for product "Mysql" and version " >= 5.7.0 <= 5.7.23" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Mysql Search vendor "Oracle" for product "Mysql" | >= 8.0.0 <= 8.0.12 Search vendor "Oracle" for product "Mysql" and version " >= 8.0.0 <= 8.0.12" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Satellite Search vendor "Redhat" for product "Satellite" | 5.8 Search vendor "Redhat" for product "Satellite" and version "5.8" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 11 Search vendor "Apple" for product "Iphone Os" and version " < 11" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | >= 10.0.0 < 10.13.0 Search vendor "Apple" for product "Mac Os X" and version " >= 10.0.0 < 10.13.0" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Tvos Search vendor "Apple" for product "Tvos" | < 11.0 Search vendor "Apple" for product "Tvos" and version " < 11.0" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Watchos Search vendor "Apple" for product "Watchos" | < 4 Search vendor "Apple" for product "Watchos" and version " < 4" | - |
Affected
| ||||||
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 4.0.0 <= 4.1.2 Search vendor "Nodejs" for product "Node.js" and version " >= 4.0.0 <= 4.1.2" | - |
Affected
| ||||||
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 4.2.0 < 4.8.2 Search vendor "Nodejs" for product "Node.js" and version " >= 4.2.0 < 4.8.2" | lts |
Affected
| ||||||
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 6.0.0 <= 6.8.1 Search vendor "Nodejs" for product "Node.js" and version " >= 6.0.0 <= 6.8.1" | - |
Affected
| ||||||
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 6.9.0 < 6.10.2 Search vendor "Nodejs" for product "Node.js" and version " >= 6.9.0 < 6.10.2" | lts |
Affected
| ||||||
Nodejs Search vendor "Nodejs" | Node.js Search vendor "Nodejs" for product "Node.js" | >= 7.0.0 < 7.6.0 Search vendor "Nodejs" for product "Node.js" and version " >= 7.0.0 < 7.6.0" | - |
Affected
|