CVE-2016-9840

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 23-05-2017 06:29

Last modified: - 16-08-2022 03:16

Total changes: - 7

Description

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

Required

User interaction

8.8

Base score

2.8

5.9

Exploitability score

Impact score

Verification logic

Reference

https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
GLSA-201701-56-Third Party Advisory
https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
https://bugzilla.redhat.com/show_bug.cgi?id=1402345
95131-Third Party Advisory, VDB Entry
[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit-Mailing List, Patch, Third Party Advisory
openSUSE-SU-2017:0080-Mailing List, Third Party Advisory
openSUSE-SU-2017:0077-Mailing List, Third Party Advisory
openSUSE-SU-2016:3202-Mailing List, Third Party Advisory
1039427-Broken Link, Third Party Advisory, VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
https://support.apple.com/HT208144
https://support.apple.com/HT208115
https://support.apple.com/HT208113
https://support.apple.com/HT208112
RHSA-2017:3047-Third Party Advisory
RHSA-2017:3046-Third Party Advisory
RHSA-2017:3453-Third Party Advisory
RHSA-2017:2999-Third Party Advisory
RHSA-2017:1222-Third Party Advisory
RHSA-2017:1221-Third Party Advisory
RHSA-2017:1220-Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update-Mailing List, Third Party Advisory
USN-4246-1-Third Party Advisory
[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update-Mailing List, Third Party Advisory
USN-4292-1-Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
GLSA-202007-54-Third Party Advisory

Keywords

CVE-2016-9840

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2016-9840

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures