CVE-2016-9842
CVE-2016-9842
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 5.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
23 May 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.htmlhttp://lists.opensuse.org/opensuse-updates/2017-01/msg00050.htmlhttp://lists.opensuse.org/opensuse-updates/2017-01/msg00053.htmlhttps://access.redhat.com/errata/RHSA-2017:1220https://access.redhat.com/errata/RHSA-2017:1221https://access.redhat.com/errata/RHSA-2017:1222https://access.redhat.com/errata/RHSA-2017:2999https://access.redhat.com/errata/RHSA-2017:3046https://access.redhat.com/errata/RHSA-2017:3047https://access.redhat.com/errata/RHSA-2017:3453https://bugzilla.redhat.com/show_bug.cgi?id=1402348https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958