CVE-2016-9840

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
References
Link Resource
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
http://www.openwall.com/lists/oss-security/2016/12/05/21
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/95131
http://www.securitytracker.com/id/1039427
https://access.redhat.com/errata/RHSA-2017:1220
https://access.redhat.com/errata/RHSA-2017:1221
https://access.redhat.com/errata/RHSA-2017:1222
https://access.redhat.com/errata/RHSA-2017:2999
https://access.redhat.com/errata/RHSA-2017:3046
https://access.redhat.com/errata/RHSA-2017:3047
https://access.redhat.com/errata/RHSA-2017:3453
https://bugzilla.redhat.com/show_bug.cgi?id=1402345
https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
https://security.gentoo.org/glsa/201701-56
https://security.gentoo.org/glsa/202007-54
https://support.apple.com/HT208112
https://support.apple.com/HT208113
https://support.apple.com/HT208115
https://support.apple.com/HT208144
https://usn.ubuntu.com/4246-1/
https://usn.ubuntu.com/4292-1/
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
https://www.oracle.com/security-alerts/cpujul2020.html
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
http://www.openwall.com/lists/oss-security/2016/12/05/21
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/95131
http://www.securitytracker.com/id/1039427
https://access.redhat.com/errata/RHSA-2017:1220
https://access.redhat.com/errata/RHSA-2017:1221
https://access.redhat.com/errata/RHSA-2017:1222
https://access.redhat.com/errata/RHSA-2017:2999
https://access.redhat.com/errata/RHSA-2017:3046
https://access.redhat.com/errata/RHSA-2017:3047
https://access.redhat.com/errata/RHSA-2017:3453
https://bugzilla.redhat.com/show_bug.cgi?id=1402345
https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
https://security.gentoo.org/glsa/201701-56
https://security.gentoo.org/glsa/202007-54
https://support.apple.com/HT208112
https://support.apple.com/HT208113
https://support.apple.com/HT208115
https://support.apple.com/HT208144
https://usn.ubuntu.com/4246-1/
https://usn.ubuntu.com/4292-1/
https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
https://www.oracle.com/security-alerts/cpujul2020.html
Configurations

Configuration 1 (hide)

cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*
cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 7 (hide)

OR cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Configuration 8 (hide)

OR cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*
cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

History

21 Nov 2024, 03:01

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html - () http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html -
References () http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html - () http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html -
References () http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html - () http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html -
References () http://www.openwall.com/lists/oss-security/2016/12/05/21 - () http://www.openwall.com/lists/oss-security/2016/12/05/21 -
References () http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - () http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html -
References () http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - () http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html -
References () http://www.securityfocus.com/bid/95131 - () http://www.securityfocus.com/bid/95131 -
References () http://www.securitytracker.com/id/1039427 - () http://www.securitytracker.com/id/1039427 -
References () https://access.redhat.com/errata/RHSA-2017:1220 - () https://access.redhat.com/errata/RHSA-2017:1220 -
References () https://access.redhat.com/errata/RHSA-2017:1221 - () https://access.redhat.com/errata/RHSA-2017:1221 -
References () https://access.redhat.com/errata/RHSA-2017:1222 - () https://access.redhat.com/errata/RHSA-2017:1222 -
References () https://access.redhat.com/errata/RHSA-2017:2999 - () https://access.redhat.com/errata/RHSA-2017:2999 -
References () https://access.redhat.com/errata/RHSA-2017:3046 - () https://access.redhat.com/errata/RHSA-2017:3046 -
References () https://access.redhat.com/errata/RHSA-2017:3047 - () https://access.redhat.com/errata/RHSA-2017:3047 -
References () https://access.redhat.com/errata/RHSA-2017:3453 - () https://access.redhat.com/errata/RHSA-2017:3453 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=1402345 - () https://bugzilla.redhat.com/show_bug.cgi?id=1402345 -
References () https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0 - () https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0 -
References () https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html - () https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html -
References () https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html - () https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html -
References () https://security.gentoo.org/glsa/201701-56 - () https://security.gentoo.org/glsa/201701-56 -
References () https://security.gentoo.org/glsa/202007-54 - () https://security.gentoo.org/glsa/202007-54 -
References () https://support.apple.com/HT208112 - () https://support.apple.com/HT208112 -
References () https://support.apple.com/HT208113 - () https://support.apple.com/HT208113 -
References () https://support.apple.com/HT208115 - () https://support.apple.com/HT208115 -
References () https://support.apple.com/HT208144 - () https://support.apple.com/HT208144 -
References () https://usn.ubuntu.com/4246-1/ - () https://usn.ubuntu.com/4246-1/ -
References () https://usn.ubuntu.com/4292-1/ - () https://usn.ubuntu.com/4292-1/ -
References () https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib - () https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib -
References () https://wiki.mozilla.org/images/0/09/Zlib-report.pdf - () https://wiki.mozilla.org/images/0/09/Zlib-report.pdf -
References () https://www.oracle.com/security-alerts/cpujul2020.html - () https://www.oracle.com/security-alerts/cpujul2020.html -

07 Nov 2023, 02:37

Type Values Removed Values Added
References (SUSE) http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html -
References (CONFIRM) https://support.apple.com/HT208113 - Third Party Advisory () https://support.apple.com/HT208113 -
References (CONFIRM) https://support.apple.com/HT208115 - Third Party Advisory () https://support.apple.com/HT208115 -
References (UBUNTU) https://usn.ubuntu.com/4246-1/ - Third Party Advisory () https://usn.ubuntu.com/4246-1/ -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1222 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:1222 -
References (GENTOO) https://security.gentoo.org/glsa/202007-54 - Third Party Advisory () https://security.gentoo.org/glsa/202007-54 -
References (MISC) https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib - Third Party Advisory () https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib -
References (UBUNTU) https://usn.ubuntu.com/4292-1/ - Third Party Advisory () https://usn.ubuntu.com/4292-1/ -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1221 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:1221 -
References (CONFIRM) https://support.apple.com/HT208112 - Third Party Advisory () https://support.apple.com/HT208112 -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:1220 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:1220 -
References (CONFIRM) https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0 - Patch, Third Party Advisory () https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0 -
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html -
References (MISC) https://wiki.mozilla.org/images/0/09/Zlib-report.pdf - Exploit, Technical Description, Third Party Advisory () https://wiki.mozilla.org/images/0/09/Zlib-report.pdf -
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - Patch, Third Party Advisory () http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html -
References (CONFIRM) http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html - Patch, Third Party Advisory () http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html -
References (MLIST) https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html -
References (MLIST) http://www.openwall.com/lists/oss-security/2016/12/05/21 - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/lists/oss-security/2016/12/05/21 -
References (GENTOO) https://security.gentoo.org/glsa/201701-56 - Third Party Advisory () https://security.gentoo.org/glsa/201701-56 -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:2999 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:2999 -
References (CONFIRM) https://support.apple.com/HT208144 - Third Party Advisory () https://support.apple.com/HT208144 -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3453 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3453 -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3047 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3047 -
References (REDHAT) https://access.redhat.com/errata/RHSA-2017:3046 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2017:3046 -
References (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory () https://www.oracle.com/security-alerts/cpujul2020.html -
References (SECTRACK) http://www.securitytracker.com/id/1039427 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id/1039427 -
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1402345 - Issue Tracking, Patch, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=1402345 -
References (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html -
References (SUSE) http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html -
References (BID) http://www.securityfocus.com/bid/95131 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/95131 -

Information

Published : 2017-05-23 04:29

Updated : 2024-11-21 03:01


NVD link : CVE-2016-9840

Mitre link : CVE-2016-9840

CVE.ORG link : CVE-2016-9840


JSON object : View

Products Affected

opensuse

  • opensuse
  • leap

redhat

  • enterprise_linux_server
  • enterprise_linux_desktop
  • enterprise_linux_eus
  • enterprise_linux_workstation
  • satellite

oracle

  • jdk
  • jre
  • database_server
  • mysql

apple

  • tvos
  • mac_os_x
  • iphone_os
  • watchos

canonical

  • ubuntu_linux

debian

  • debian_linux

nodejs

  • node.js

zlib

  • zlib