Vulnerability Details : CVE-2016-9843
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
Products affected by CVE-2016-9843
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
- cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
- cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
- cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*
Threat overview for CVE-2016-9843
Top countries where our scanners detected CVE-2016-9843
Top open port discovered on systems with this issue
3306
IPs affected by CVE-2016-9843 446,550
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-9843!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-9843
1.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9843
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2016-9843
-
https://access.redhat.com/errata/RHSA-2017:1222
RHSA-2017:1222 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:1220
RHSA-2017:1220 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://support.apple.com/HT208112
About the security content of iOS 11 - Apple SupportThird Party Advisory
-
http://www.securitytracker.com/id/1039427
Apple macOS/OS X Multiple Flaws Let Remote and Local Users Bypass Security and Deny Service, Local Users Obtain Potentially Sensitive Information, and Applications Gain Elevated Privileges - SecurityTThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
openSUSE-SU-2016:3202-1: moderate: Security update for zlibMailing List;Third Party Advisory
-
https://support.apple.com/HT208113
About the security content of tvOS 11 - Apple SupportThird Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
CPU Oct 2018Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:3046
RHSA-2017:3046 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
[SECURITY] [DLA 1725-1] rsync security updateMailing List;Third Party Advisory
-
https://www.oracle.com/security-alerts/cpujul2020.html
Oracle Critical Patch Update Advisory - July 2020Third Party Advisory
-
http://www.securityfocus.com/bid/95131
zlib Multiple Denial of Service VulnerabilitiesThird Party Advisory;VDB Entry
-
https://usn.ubuntu.com/4292-1/
USN-4292-1: rsync vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://support.apple.com/HT208115
About the security content of watchOS 4 - Apple SupportThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:2999
RHSA-2017:2999 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://support.apple.com/HT208144
About the security content of macOS High Sierra 10.13 - Apple SupportThird Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
openSUSE-SU-2017:0080-1: moderate: Security update for zlibMailing List;Third Party Advisory
-
https://usn.ubuntu.com/4246-1/
USN-4246-1: zlib vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
Exploit;Technical Description;Third Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Oracle Critical Patch Update - October 2017Patch;Third Party Advisory
-
http://www.securitytracker.com/id/1041888
MySQL Multiple Flaws Let Remote Users Gain Elevated Privileges, Remote Authenticated Users Access and Modify Data, and Remote and Local Users Deny Service - SecurityTrackerThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2017:1221
RHSA-2017:1221 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
MOSS/Secure Open Source/Completed - MozillaWikiThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:3047
RHSA-2017:3047 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://security.netapp.com/advisory/ntap-20181018-0002/
October 2018 MySQL Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/12/05/21
oss-security - Re: CVE Request: zlib security issues found during auditMailing List;Patch;Third Party Advisory;VDB Entry
-
https://bugzilla.redhat.com/show_bug.cgi?id=1402351
1402351 – (CVE-2016-9843) CVE-2016-9843 zlib: Big-endian out-of-bounds pointerIssue Tracking;Patch;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:3453
RHSA-2017:3453 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CPU July 2018Patch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
openSUSE-SU-2017:0077-1: moderate: Security update for zlibMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/201701-56
zlib: Multiple vulnerabilities (GLSA 201701-56) — Gentoo securityThird Party Advisory
-
https://security.gentoo.org/glsa/202007-54
rsync: Multiple vulnerabilities (GLSA 202007-54) — Gentoo securityThird Party Advisory
-
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
Avoid pre-decrement of pointer in big-endian CRC calculation. · madler/zlib@d1d5774 · GitHubPatch;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
[SECURITY] [DLA 2085-1] zlib security updateMailing List;Third Party Advisory
Jump to