CVE-2016-9843

Description

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

Related CPE's

azlibzlib********

oopensuseleap42.2*******

oopensuseleap42.1*******

oopensuseopensuse13.2*******

odebiandebian_linux8.0*******

ocanonicalubuntu_linux18.04***lts***

ocanonicalubuntu_linux16.04***esm***

aoraclemysql********

aoraclemysql********

aoraclemysql********

References

https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib

Third Party Advisory

https://wiki.mozilla.org/images/0/09/Zlib-report.pdf

ExploitTechnical DescriptionThird Party Advisory

GLSA-201701-56

Third Party Advisory

https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811

PatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1402351

Issue TrackingPatchThird Party Advisory

95131

Third Party AdvisoryVDB Entry

[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit

Mailing ListPatchThird Party AdvisoryVDB Entry

openSUSE-SU-2017:0080

Mailing ListThird Party Advisory

openSUSE-SU-2017:0077

Mailing ListThird Party Advisory

openSUSE-SU-2016:3202

Mailing ListThird Party Advisory

1039427

Third Party AdvisoryVDB Entry

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

PatchThird Party Advisory

https://support.apple.com/HT208144

Third Party Advisory

https://support.apple.com/HT208115

Third Party Advisory

https://support.apple.com/HT208113

Third Party Advisory

https://support.apple.com/HT208112

Third Party Advisory

RHSA-2017:3047

Third Party Advisory

RHSA-2017:3046

Third Party Advisory

RHSA-2017:3453

Third Party Advisory

RHSA-2017:2999

Third Party Advisory

RHSA-2017:1222

Third Party Advisory

RHSA-2017:1221

Third Party Advisory

RHSA-2017:1220

Third Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

PatchThird Party Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

PatchThird Party Advisory

1041888

Third Party AdvisoryVDB Entry

https://security.netapp.com/advisory/ntap-20181018-0002/

Third Party Advisory

[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update

Mailing ListThird Party Advisory

USN-4246-1

Third Party Advisory

[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update

Mailing ListThird Party Advisory

USN-4292-1

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Third Party Advisory

GLSA-202007-54

Third Party Advisory

CvssV3 impact

BaseSeverity

CRITICAL

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

9.8

VectorString

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Version

3.0

UserInteraction

NONE

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:P/I:P/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

7.5

Created by Yello
About Severity.io