CVE-2016-9843

high-risk
Published 2017-05-23

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

Do I need to act?

15.1% chance of exploitation in next 30 days
EPSS score — higher than 85% of all CVEs
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Fix available
Upgrade to: 2fa463bacfff79181df1a5270fb67cc679a53e71, d1d577490c15a0c6862473d7576352a9f18ef811, aac632a6a300b1736a0c9f734ed0435468cdb11c, b9a69f776d3dea825bc23759660258c28bf58cc7, 8d834cd0f370b306f63c2364552d187fc388e59e, 32bebfeefb219aec22468a6eae30ffd4a778544d, fe0e65dbe28f93bfc677d12be4166415dc1bec5a, bac287c315b1792e7ae33f91add6a60292f9bae8, ab4af087e83d91a46354d765306d3543b1d85423, cea049bcf8bb0f9a6e0095dbd5dffdb14dc8f71b, ea2ceac846abb279fd4d141bfe32fc4f7a6e30e0, fbc9fded2fb4caa104e55146e6fa4fc2c3d11daf, bebda6df68c71f233a2ee212b2569ae6e70b48a9
CVSS 9.8/10 Critical
NETWORK / LOW complexity
67 / 100 high-risk
Severity 32/34 · Critical
Exploitability 12/34 · Low
Exposure 23/34 · High