CVE-2016-9843 - The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unsp

CVE-2016-9843

Summary

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

References

Vulnerable Configurations

cpe:2.3:a:gnu:zlib:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:zlib:1.2.8:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 28-07-2020 - 21:15)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

redhat via4

advisories

rhsa
id RHSA-2017:1220
rhsa
id RHSA-2017:1221
rhsa
id RHSA-2017:1222
rhsa
id RHSA-2017:2999
rhsa
id RHSA-2017:3046
rhsa
id RHSA-2017:3047
rhsa
id RHSA-2017:3453

rpms

java-1.8.0-ibm-1:1.8.0.4.5-1jpp.1.el6_9
java-1.8.0-ibm-1:1.8.0.4.5-1jpp.1.el7_3
java-1.8.0-ibm-demo-1:1.8.0.4.5-1jpp.1.el6_9
java-1.8.0-ibm-demo-1:1.8.0.4.5-1jpp.1.el7_3
java-1.8.0-ibm-devel-1:1.8.0.4.5-1jpp.1.el6_9
java-1.8.0-ibm-devel-1:1.8.0.4.5-1jpp.1.el7_3
java-1.8.0-ibm-jdbc-1:1.8.0.4.5-1jpp.1.el6_9
java-1.8.0-ibm-jdbc-1:1.8.0.4.5-1jpp.1.el7_3
java-1.8.0-ibm-plugin-1:1.8.0.4.5-1jpp.1.el6_9
java-1.8.0-ibm-plugin-1:1.8.0.4.5-1jpp.1.el7_3
java-1.8.0-ibm-src-1:1.8.0.4.5-1jpp.1.el6_9
java-1.8.0-ibm-src-1:1.8.0.4.5-1jpp.1.el7_3
java-1.7.1-ibm-1:1.7.1.4.5-1jpp.1.el7_3
java-1.7.1-ibm-1:1.7.1.4.5-1jpp.2.el6_9
java-1.7.1-ibm-demo-1:1.7.1.4.5-1jpp.1.el7_3
java-1.7.1-ibm-demo-1:1.7.1.4.5-1jpp.2.el6_9
java-1.7.1-ibm-devel-1:1.7.1.4.5-1jpp.1.el7_3
java-1.7.1-ibm-devel-1:1.7.1.4.5-1jpp.2.el6_9
java-1.7.1-ibm-jdbc-1:1.7.1.4.5-1jpp.1.el7_3
java-1.7.1-ibm-jdbc-1:1.7.1.4.5-1jpp.2.el6_9
java-1.7.1-ibm-plugin-1:1.7.1.4.5-1jpp.1.el7_3
java-1.7.1-ibm-plugin-1:1.7.1.4.5-1jpp.2.el6_9
java-1.7.1-ibm-src-1:1.7.1.4.5-1jpp.1.el7_3
java-1.7.1-ibm-src-1:1.7.1.4.5-1jpp.2.el6_9
java-1.6.0-ibm-1:1.6.0.16.45-1jpp.1.el6_9
java-1.6.0-ibm-demo-1:1.6.0.16.45-1jpp.1.el6_9
java-1.6.0-ibm-devel-1:1.6.0.16.45-1jpp.1.el6_9
java-1.6.0-ibm-javacomm-1:1.6.0.16.45-1jpp.1.el6_9
java-1.6.0-ibm-jdbc-1:1.6.0.16.45-1jpp.1.el6_9
java-1.6.0-ibm-plugin-1:1.6.0.16.45-1jpp.1.el6_9
java-1.6.0-ibm-src-1:1.6.0.16.45-1jpp.1.el6_9
java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-plugin-1:1.8.0.151-1jpp.5.el7
java-1.8.0-oracle-src-1:1.8.0.151-1jpp.1.el6
java-1.8.0-oracle-src-1:1.8.0.151-1jpp.5.el7
java-1.7.0-oracle-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-devel-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-javafx-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-jdbc-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-plugin-1:1.7.0.161-1jpp.4.el7
java-1.7.0-oracle-src-1:1.7.0.161-1jpp.3.el6
java-1.7.0-oracle-src-1:1.7.0.161-1jpp.4.el7
java-1.6.0-sun-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-demo-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-devel-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-jdbc-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-plugin-1:1.6.0.171-1jpp.4.el7
java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el6
java-1.6.0-sun-src-1:1.6.0.171-1jpp.4.el7
java-1.8.0-ibm-1:1.8.0.5.5-1jpp.1.el6_9
java-1.8.0-ibm-devel-1:1.8.0.5.5-1jpp.1.el6_9

refmap via4

bid	95131
confirm	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://bugzilla.redhat.com/show_bug.cgi?id=1402351 https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811 https://security.netapp.com/advisory/ntap-20181018-0002/ https://support.apple.com/HT208112 https://support.apple.com/HT208113 https://support.apple.com/HT208115 https://support.apple.com/HT208144
gentoo	GLSA-201701-56 GLSA-202007-54
misc	https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib https://wiki.mozilla.org/images/0/09/Zlib-report.pdf https://www.oracle.com/security-alerts/cpujul2020.html
mlist	[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update [debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update [oss-security] 20161205 Re: CVE Request: zlib security issues found during audit
sectrack	1039427 1041888
suse	openSUSE-SU-2016:3202 openSUSE-SU-2017:0077 openSUSE-SU-2017:0080
ubuntu	USN-4246-1 USN-4292-1

Last major update

28-07-2020 - 21:15

Published

23-05-2017 - 04:29

Last modified

28-07-2020 - 21:15