Vulnerability Details : CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Threat overview for CVE-2016-9841
Top countries where our scanners detected CVE-2016-9841
Top open port discovered on systems with this issue
90
IPs affected by CVE-2016-9841 1,302
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-9841!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-9841
Probability of exploitation activity in the next 30 days: 1.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 83 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-9841
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2016-9841
-
https://access.redhat.com/errata/RHSA-2017:1222
RHSA-2017:1222 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:1220
RHSA-2017:1220 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://support.apple.com/HT208112
About the security content of iOS 11 - Apple SupportThird Party Advisory
-
http://www.securitytracker.com/id/1039427
Apple macOS/OS X Multiple Flaws Let Remote and Local Users Bypass Security and Deny Service, Local Users Obtain Potentially Sensitive Information, and Applications Gain Elevated Privileges - SecurityTBroken Link;Third Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
openSUSE-SU-2016:3202-1: moderate: Security update for zlibMailing List;Third Party Advisory
-
https://support.apple.com/HT208113
About the security content of tvOS 11 - Apple SupportThird Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
CPU Oct 2018Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:3046
RHSA-2017:3046 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
[SECURITY] [DLA 1725-1] rsync security updateMailing List;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpujul2020.html
Oracle Critical Patch Update Advisory - July 2020Third Party Advisory
-
http://www.securityfocus.com/bid/95131
zlib Multiple Denial of Service VulnerabilitiesThird Party Advisory;VDB Entry
-
https://usn.ubuntu.com/4292-1/
USN-4292-1: rsync vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://support.apple.com/HT208115
About the security content of watchOS 4 - Apple SupportThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:2999
RHSA-2017:2999 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://support.apple.com/HT208144
About the security content of macOS High Sierra 10.13 - Apple SupportThird Party Advisory
-
https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
Use post-increment only in inffast.c. · madler/zlib@9aaec95 · GitHubPatch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
openSUSE-SU-2017:0080-1: moderate: Security update for zlibMailing List;Third Party Advisory
-
https://usn.ubuntu.com/4246-1/
USN-4246-1: zlib vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
Exploit;Technical Description;Third Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Oracle Critical Patch Update - October 2017Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:1221
RHSA-2017:1221 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
MOSS/Secure Open Source/Completed - MozillaWikiThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:3047
RHSA-2017:3047 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://security.netapp.com/advisory/ntap-20171019-0001/
October 2017 Java Platform Standard Edition Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
http://www.securitytracker.com/id/1039596
Oracle Java SE Multiple Flaws Let Remote Users Access and Modify Data, Deny Service, and Gain Elevated Privileges - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2016/12/05/21
oss-security - Re: CVE Request: zlib security issues found during auditMailing List;Patch;Third Party Advisory;VDB Entry
-
https://bugzilla.redhat.com/show_bug.cgi?id=1402346
1402346 – (CVE-2016-9841) CVE-2016-9841 zlib: Out-of-bounds pointer arithmetic in inffast.cIssue Tracking
-
https://access.redhat.com/errata/RHSA-2017:3453
RHSA-2017:3453 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CPU July 2018Patch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
openSUSE-SU-2017:0077-1: moderate: Security update for zlibMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/201701-56
zlib: Multiple vulnerabilities (GLSA 201701-56) — Gentoo securityThird Party Advisory
-
https://security.gentoo.org/glsa/202007-54
rsync: Multiple vulnerabilities (GLSA 202007-54) — Gentoo securityThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
[SECURITY] [DLA 2085-1] zlib security updateMailing List;Third Party Advisory
Products affected by CVE-2016-9841
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*
- cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*
- cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
- cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
- Netapp » E-series Santricity Os ControllerVersions from including (>=) 11.0.0 and up to, including, (<=) 11.70.1cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vasa:*:*
- cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_sra:*:*
- cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*
- cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*
- cpe:2.3:a:netapp:virtual_storage_console:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
- cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
- cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:-:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:symantec_netbackup:-:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
- cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*