Vulnerability CVE-2016-9842: Information

Description

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Fixed packages

References to Advisories, Solutions, and Tools

1. Affected configurations:

   1. Configuration 1

      cpe:2.3:a:gnu:zlib:*:*:*:*:*:*:*:*

      Start including

      1.2.3.4

      End excliding

      1.2.9

      ---

      Configuration 2

      cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

      ---

      Configuration 3

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

      ---

      Configuration 4

      cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

      ---

      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

      ---

      Configuration 5

      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

      Start including

      5.7.0

      End including

      5.7.23

      ---

      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

      Start including

      8.0.0

      End including

      8.0.12

      ---

      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

      Start including

      5.5.0

      End including

      5.5.61

      ---

      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*

      Start including

      5.6.0

      End including

      5.6.41

      ---

      cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:*

      ---

      cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:*

      ---

      cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:*

      ---

      cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:*

      ---

      cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:*

      ---

      cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:*

      ---

      Configuration 6

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*

      ---

      Configuration 7

      cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

      End excliding

      11.0

      ---

      cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

      End excliding

      11

      ---

      cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

      End excliding

      4

      ---

      cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

      Start including

      10.0.0

      End excliding

      10.13.0

      ---

      Configuration 8

      cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

      Start including

      4.0.0

      End including

      4.1.2

      ---

      cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

      Start including

      6.0.0

      End including

      6.8.1

      ---

      cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*

      Start including

      4.2.0

      End excliding

      4.8.2

      ---

      cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*

      Start including

      6.9.0

      End excliding

      6.10.2

      ---

      cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*

      Start including

      7.0.0

      End excliding

      7.6.0

      ---