Vulnerability Details : CVE-2016-9843

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

Published 2017-05-23 04:29:02

Updated 2022-08-16 13:02:13

Source SUSE

View at NVD, CVE.org

Threat overview for CVE-2016-9843

Top countries where our scanners detected CVE-2016-9843

Top open port discovered on systems with this issue 90

IPs affected by CVE-2016-9843 1,194

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2016-9843!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2016-9843

Probability of exploitation activity in the next 30 days: 1.41%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-9843

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	nvd@nist.gov
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2016-9843

https://access.redhat.com/errata/RHSA-2017:1222

RHSA-2017:1222 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:1220

RHSA-2017:1220 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://support.apple.com/HT208112

About the security content of iOS 11 - Apple Support
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1039427

Apple macOS/OS X Multiple Flaws Let Remote and Local Users Bypass Security and Deny Service, Local Users Obtain Potentially Sensitive Information, and Applications Gain Elevated Privileges - SecurityT
Third Party Advisory;VDB Entry

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html

openSUSE-SU-2016:3202-1: moderate: Security update for zlib
Mailing List;Third Party Advisory

CVEs referencing this url
https://support.apple.com/HT208113

About the security content of tvOS 11 - Apple Support
Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

CPU Oct 2018
Patch;Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:3046

RHSA-2017:3046 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html

[SECURITY] [DLA 1725-1] rsync security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.oracle.com/security-alerts/cpujul2020.html

Oracle Critical Patch Update Advisory - July 2020
Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/95131

zlib Multiple Denial of Service Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
https://usn.ubuntu.com/4292-1/

USN-4292-1: rsync vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://support.apple.com/HT208115

About the security content of watchOS 4 - Apple Support
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:2999

RHSA-2017:2999 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://support.apple.com/HT208144

About the security content of macOS High Sierra 10.13 - Apple Support
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html

openSUSE-SU-2017:0080-1: moderate: Security update for zlib
Mailing List;Third Party Advisory

CVEs referencing this url
https://usn.ubuntu.com/4246-1/

USN-4246-1: zlib vulnerabilities | Ubuntu security notices | Ubuntu
Third Party Advisory

CVEs referencing this url
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf

Exploit;Technical Description;Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Oracle Critical Patch Update - October 2017
Patch;Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1041888

MySQL Multiple Flaws Let Remote Users Gain Elevated Privileges, Remote Authenticated Users Access and Modify Data, and Remote and Local Users Deny Service - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:1221

RHSA-2017:1221 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib

MOSS/Secure Open Source/Completed - MozillaWiki
Third Party Advisory

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2017:3047

RHSA-2017:3047 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20181018-0002/

October 2018 MySQL Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2016/12/05/21

oss-security - Re: CVE Request: zlib security issues found during audit
Mailing List;Patch;Third Party Advisory;VDB Entry

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1402351

1402351 – (CVE-2016-9843) CVE-2016-9843 zlib: Big-endian out-of-bounds pointer
Issue Tracking;Patch;Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:3453

RHSA-2017:3453 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

CPU July 2018
Patch;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html

openSUSE-SU-2017:0077-1: moderate: Security update for zlib
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201701-56

zlib: Multiple vulnerabilities (GLSA 201701-56) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202007-54

rsync: Multiple vulnerabilities (GLSA 202007-54) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811

Avoid pre-decrement of pointer in big-endian CRC calculation. · madler/zlib@d1d5774 · GitHub
Patch;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html

[SECURITY] [DLA 2085-1] zlib security update
Mailing List;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2016-9843

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Satellite » Version: 5.8
cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X
Versions from including (>=) 10.0.0 and before (<) 10.13.0
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Matching versions
Apple » Iphone Os
Versions before (<) 11
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Watchos
Versions before (<) 4
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Matching versions
Apple » Tvos
Versions before (<) 11.0
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Matching versions
Oracle » Database Server » Version: 18C
cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.7.0 Update Update151
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.8.0 Update Update144
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
Matching versions
Oracle » JDK » Version: 1.6.0 Update Update161
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.6.0 Update Update161
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.8.0 Update Update144
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
Matching versions
Oracle » JRE » Version: 1.7.0 Update Update151
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.7.0 and up to, including, (<=) 5.7.23
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.6.0 and up to, including, (<=) 5.6.41
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 5.5.0 and up to, including, (<=) 5.5.61
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql
Versions from including (>=) 8.0.0 and up to, including, (<=) 8.0.12
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 42.1
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 42.2
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Workflow Automation » Version: N/A
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
Matching versions
Netapp » Oncommand Insight » Version: N/A
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Matching versions
Netapp » Snapcenter » Version: N/A
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Vmware Vsphere
Versions from including (>=) 9.5
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Active Iq Unified Manager » For Windows
Versions from including (>=) 7.3
cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 5.5.0 and before (<) 5.5.62
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.0.0 and before (<) 10.0.37
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.3.0 and before (<) 10.3.11
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.2.0 and before (<) 10.2.19
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Mariadb » Mariadb
Versions from including (>=) 10.1.0 and before (<) 10.1.37
cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
Matching versions
Nodejs » Node.js »
Versions from including (>=) 6.0.0 and up to, including, (<=) 6.8.1
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Matching versions
Nodejs » Node.js » LTS Edition
Versions from including (>=) 6.9.0 and before (<) 6.10.2
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Matching versions
Nodejs » Node.js » LTS Edition
Versions from including (>=) 4.2.0 and before (<) 4.8.2
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
Matching versions
Nodejs » Node.js »
Versions from including (>=) 4.0.0 and up to, including, (<=) 4.1.2
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Matching versions
Nodejs » Node.js »
Versions from including (>=) 7.0.0 and before (<) 7.6.0
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
Matching versions
Zlib » Zlib
Versions from including (>=) 1.2.0 and before (<) 1.2.9
cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*
Matching versions