Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2017-AVI-320
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Server versions ant\u00e9rieures \u00e0 5.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS High Sierra versions ant\u00e9rieures \u00e0 10.13",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7127",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7127"
},
{
"name": "CVE-2017-7129",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7129"
},
{
"name": "CVE-2017-9233",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
},
{
"name": "CVE-2017-7091",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7091"
},
{
"name": "CVE-2017-7121",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7121"
},
{
"name": "CVE-2017-7128",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7128"
},
{
"name": "CVE-2016-9842",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
},
{
"name": "CVE-2017-7098",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7098"
},
{
"name": "CVE-2017-0381",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0381"
},
{
"name": "CVE-2017-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7104"
},
{
"name": "CVE-2017-7111",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7111"
},
{
"name": "CVE-2017-7102",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7102"
},
{
"name": "CVE-2017-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10979"
},
{
"name": "CVE-2017-7081",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7081"
},
{
"name": "CVE-2017-7120",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7120"
},
{
"name": "CVE-2017-7141",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7141"
},
{
"name": "CVE-2016-9840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
},
{
"name": "CVE-2017-7114",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7114"
},
{
"name": "CVE-2017-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10978"
},
{
"name": "CVE-2017-7117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7117"
},
{
"name": "CVE-2017-7126",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7126"
},
{
"name": "CVE-2017-7084",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7084"
},
{
"name": "CVE-2017-6451",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6451"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2017-7093",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7093"
},
{
"name": "CVE-2017-7138",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7138"
},
{
"name": "CVE-2017-7094",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7094"
},
{
"name": "CVE-2016-9843",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
},
{
"name": "CVE-2017-7109",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7109"
},
{
"name": "CVE-2017-7099",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7099"
},
{
"name": "CVE-2017-7087",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7087"
},
{
"name": "CVE-2017-7078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7078"
},
{
"name": "CVE-2017-7077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7077"
},
{
"name": "CVE-2017-7122",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7122"
},
{
"name": "CVE-2017-7083",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7083"
},
{
"name": "CVE-2017-7074",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7074"
},
{
"name": "CVE-2017-7080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7080"
},
{
"name": "CVE-2017-7130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7130"
},
{
"name": "CVE-2017-6455",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6455"
},
{
"name": "CVE-2017-7125",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7125"
},
{
"name": "CVE-2016-9841",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
},
{
"name": "CVE-2017-6463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
},
{
"name": "CVE-2017-7119",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7119"
},
{
"name": "CVE-2017-7089",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7089"
},
{
"name": "CVE-2017-7096",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7096"
},
{
"name": "CVE-2017-6464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
},
{
"name": "CVE-2017-7095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7095"
},
{
"name": "CVE-2017-7123",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7123"
},
{
"name": "CVE-2017-1000373",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000373"
},
{
"name": "CVE-2017-7086",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7086"
},
{
"name": "CVE-2017-7090",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7090"
},
{
"name": "CVE-2017-7100",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7100"
},
{
"name": "CVE-2017-7106",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7106"
},
{
"name": "CVE-2017-6459",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6459"
},
{
"name": "CVE-2017-7092",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7092"
},
{
"name": "CVE-2017-7143",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7143"
},
{
"name": "CVE-2017-7082",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7082"
},
{
"name": "CVE-2017-7107",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7107"
},
{
"name": "CVE-2017-6452",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6452"
},
{
"name": "CVE-2017-11103",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11103"
},
{
"name": "CVE-2017-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
},
{
"name": "CVE-2017-6460",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6460"
},
{
"name": "CVE-2017-7124",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7124"
},
{
"name": "CVE-2017-6458",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6458"
},
{
"name": "CVE-2017-10989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
},
{
"name": "CVE-2016-9042",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9042"
}
],
"links": [],
"reference": "CERTFR-2017-AVI-320",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-09-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208102 du 25 septembre 2017",
"url": "https://support.apple.com/fr-fr/HT208102"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208142 du 25 septembre 2017",
"url": "https://support.apple.com/fr-fr/HT208142"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208144 du 25 septembre 2017",
"url": "https://support.apple.com/fr-fr/HT208144"
}
]
}
CVE-2016-9042 (GCVE-0-2016-9042)
Vulnerability from cvelistv5 – Published: 2018-06-04 20:00 – Updated: 2024-09-17 03:53
VLAI?
EPSS
Summary
An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition.
Severity ?
CWE
- denial of service
Assigner
References
21 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Talos | Network Time Protocol |
Affected:
NTP 4.2.8p9
|
Date Public ?
2017-03-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:09.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "FreeBSD-SA-17:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "97046",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/97046"
},
{
"name": "USN-3349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
},
{
"name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
},
{
"name": "FEDORA-2017-20d54b2782",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT208144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K39041624"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Network Time Protocol",
"vendor": "Talos",
"versions": [
{
"status": "affected",
"version": "NTP 4.2.8p9"
}
]
}
],
"datePublic": "2017-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T19:17:22.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "1038123",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "FreeBSD-SA-17:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "97046",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/97046"
},
{
"name": "USN-3349-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
},
{
"name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
},
{
"name": "FEDORA-2017-20d54b2782",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT208144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K39041624"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-03-29T00:00:00",
"ID": "CVE-2016-9042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Time Protocol",
"version": {
"version_data": [
{
"version_value": "NTP 4.2.8p9"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial of service vulnerability exists in the origin timestamp check functionality of ntpd 4.2.8p9. A specially crafted unauthenticated network packet can be used to reset the expected origin timestamp for target peers. Legitimate replies from targeted peers will fail the origin timestamp check (TEST2) causing the reply to be dropped and creating a denial of service condition."
}
]
},
"impact": {
"cvss": {
"baseScore": 3.7,
"baseSeverity": "Low",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038123",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038123"
},
{
"name": "FreeBSD-SA-17:03",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:03.ntp.asc"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "97046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97046"
},
{
"name": "USN-3349-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3349-1"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/540403/100/0/threaded"
},
{
"name": "20171101 APPLE-SA-2017-10-31-8 Additional information for APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Nov/7"
},
{
"name": "20170412 FreeBSD Security Advisory FreeBSD-SA-17:03.ntp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/540403/100/0/threaded"
},
{
"name": "FEDORA-2017-20d54b2782",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7KVLFA3J43QFIP4I7HE7KQ5FXSMJEKC6/"
},
{
"name": "20170925 APPLE-SA-2017-09-25-1 macOS High Sierra 10.13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/62"
},
{
"name": "20170422 [slackware-security] ntp (SSA:2017-112-02)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/archive/1/540464/100/0/threaded"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbux03962en_us"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0260"
},
{
"name": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142101/FreeBSD-Security-Advisory-FreeBSD-SA-17-03.ntp.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10201"
},
{
"name": "https://support.apple.com/kb/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT208144"
},
{
"name": "https://support.f5.com/csp/article/K39041624",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K39041624"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa147",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa147"
},
{
"name": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142284/Slackware-Security-Advisory-ntp-Updates.html"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2016-9042",
"datePublished": "2018-06-04T20:00:00.000Z",
"dateReserved": "2016-10-26T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:53:51.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9063 (GCVE-0-2016-9063)
Vulnerability from cvelistv5 – Published: 2018-06-11 21:00 – Updated: 2024-08-06 02:42
VLAI?
EPSS
Summary
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
Severity ?
No CVSS data available.
CWE
- Possible integer overflow to fix inside XML_Parse in Expat
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2017/dsa-3898 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/94337 | vdb-entryx_refsource_BID |
| https://bugzilla.mozilla.org/show_bug.cgi?id=1274777 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037298 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1039427 | vdb-entryx_refsource_SECTRACK |
| https://www.mozilla.org/security/advisories/mfsa2… | x_refsource_CONFIRM |
Impacted products
Date Public ?
2016-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:42:10.630Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3898"
},
{
"name": "94337",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94337"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "50",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2016-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox \u003c 50."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Possible integer overflow to fix inside XML_Parse in Expat",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-12T09:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "DSA-3898",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3898"
},
{
"name": "94337",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94337"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777"
},
{
"name": "1037298",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-9063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "50"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox \u003c 50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Possible integer overflow to fix inside XML_Parse in Expat"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3898",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3898"
},
{
"name": "94337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94337"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1274777"
},
{
"name": "1037298",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037298"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-89/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-89/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2016-9063",
"datePublished": "2018-06-11T21:00:00.000Z",
"dateReserved": "2016-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:42:10.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9840 (GCVE-0-2016-9840)
Vulnerability from cvelistv5 – Published: 2017-05-23 03:56 – Updated: 2024-08-06 02:59
VLAI?
EPSS
Summary
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
30 references
Date Public ?
2016-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name": "RHSA-2017:1220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name": "RHSA-2017:3047",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"name": "95131",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95131"
},
{
"name": "RHSA-2017:3046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0077",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"name": "GLSA-201701-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "RHSA-2017:1222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name": "openSUSE-SU-2017:0080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"name": "RHSA-2017:3453",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "openSUSE-SU-2016:3202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"name": "RHSA-2017:2999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"name": "USN-4246-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"name": "USN-4292-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402345"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"name": "GLSA-202007-54",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-54"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:02.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "RHSA-2017:1221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name": "RHSA-2017:1220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name": "RHSA-2017:3047",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"name": "95131",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95131"
},
{
"name": "RHSA-2017:3046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0077",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"name": "GLSA-201701-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "RHSA-2017:1222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name": "openSUSE-SU-2017:0080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"name": "RHSA-2017:3453",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "openSUSE-SU-2016:3202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"name": "RHSA-2017:2999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"name": "USN-4246-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"name": "USN-4292-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402345"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"name": "GLSA-202007-54",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-54"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-9840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1221",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name": "RHSA-2017:1220",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name": "RHSA-2017:3047",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"name": "95131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95131"
},
{
"name": "RHSA-2017:3046",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0077",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"name": "GLSA-201701-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "RHSA-2017:1222",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name": "openSUSE-SU-2017:0080",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"name": "RHSA-2017:3453",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "openSUSE-SU-2016:3202",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"name": "RHSA-2017:2999",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"name": "USN-4246-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"name": "USN-4292-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0",
"refsource": "CONFIRM",
"url": "https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0"
},
{
"name": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib",
"refsource": "MISC",
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402345",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402345"
},
{
"name": "https://support.apple.com/HT208113",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208113"
},
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
},
{
"name": "https://support.apple.com/HT208115",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208115"
},
{
"name": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf",
"refsource": "MISC",
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"name": "GLSA-202007-54",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-54"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-9840",
"datePublished": "2017-05-23T03:56:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:59:03.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9841 (GCVE-0-2016-9841)
Vulnerability from cvelistv5 – Published: 2017-05-23 03:56 – Updated: 2024-08-06 02:59
VLAI?
EPSS
Summary
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
33 references
Date Public ?
2016-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name": "RHSA-2017:1220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name": "RHSA-2017:3047",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"name": "95131",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95131"
},
{
"name": "RHSA-2017:3046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0077",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"name": "1039596",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039596"
},
{
"name": "GLSA-201701-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "RHSA-2017:1222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name": "openSUSE-SU-2017:0080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"name": "RHSA-2017:3453",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "openSUSE-SU-2016:3202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"name": "RHSA-2017:2999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"name": "USN-4246-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"name": "USN-4292-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402346"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
},
{
"name": "GLSA-202007-54",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-54"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "RHSA-2017:1221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name": "RHSA-2017:1220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name": "RHSA-2017:3047",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"name": "95131",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95131"
},
{
"name": "RHSA-2017:3046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0077",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"name": "1039596",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039596"
},
{
"name": "GLSA-201701-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "RHSA-2017:1222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name": "openSUSE-SU-2017:0080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"name": "RHSA-2017:3453",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "openSUSE-SU-2016:3202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"name": "RHSA-2017:2999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"name": "USN-4246-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"name": "USN-4292-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402346"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
},
{
"name": "GLSA-202007-54",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-54"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-9841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1221",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name": "RHSA-2017:1220",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name": "RHSA-2017:3047",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"name": "95131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95131"
},
{
"name": "RHSA-2017:3046",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0077",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"name": "1039596",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039596"
},
{
"name": "GLSA-201701-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "RHSA-2017:1222",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name": "openSUSE-SU-2017:0080",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"name": "RHSA-2017:3453",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "openSUSE-SU-2016:3202",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"name": "RHSA-2017:2999",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"name": "USN-4246-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"name": "USN-4292-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib",
"refsource": "MISC",
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"name": "https://support.apple.com/HT208113",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208113"
},
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
},
{
"name": "https://support.apple.com/HT208115",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208115"
},
{
"name": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf",
"refsource": "MISC",
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402346",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402346"
},
{
"name": "https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb",
"refsource": "CONFIRM",
"url": "https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171019-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171019-0001/"
},
{
"name": "GLSA-202007-54",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-54"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-9841",
"datePublished": "2017-05-23T03:56:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:59:03.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9842 (GCVE-0-2016-9842)
Vulnerability from cvelistv5 – Published: 2017-05-23 03:56 – Updated: 2025-12-04 16:36
VLAI?
EPSS
Summary
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
30 references
Date Public ?
2016-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name": "RHSA-2017:1220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name": "RHSA-2017:3047",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"name": "95131",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95131"
},
{
"name": "RHSA-2017:3046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0077",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"name": "GLSA-201701-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "RHSA-2017:1222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name": "openSUSE-SU-2017:0080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"name": "RHSA-2017:3453",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "openSUSE-SU-2016:3202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"name": "RHSA-2017:2999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"name": "USN-4246-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"name": "USN-4292-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958"
},
{
"name": "GLSA-202007-54",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-54"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-9842",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-04T16:34:37.454444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1335",
"description": "CWE-1335 Incorrect Bitwise Shift of Integer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T16:36:07.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:04.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "RHSA-2017:1221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name": "RHSA-2017:1220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name": "RHSA-2017:3047",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"name": "95131",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95131"
},
{
"name": "RHSA-2017:3046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0077",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"name": "GLSA-201701-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "RHSA-2017:1222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name": "openSUSE-SU-2017:0080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"name": "RHSA-2017:3453",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "openSUSE-SU-2016:3202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"name": "RHSA-2017:2999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"name": "USN-4246-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"name": "USN-4292-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958"
},
{
"name": "GLSA-202007-54",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-54"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-9842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1221",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name": "RHSA-2017:1220",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name": "RHSA-2017:3047",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"name": "95131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95131"
},
{
"name": "RHSA-2017:3046",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0077",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"name": "GLSA-201701-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "RHSA-2017:1222",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name": "openSUSE-SU-2017:0080",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"name": "RHSA-2017:3453",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "openSUSE-SU-2016:3202",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"name": "RHSA-2017:2999",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"name": "USN-4246-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"name": "USN-4292-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib",
"refsource": "MISC",
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"name": "https://support.apple.com/HT208113",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208113"
},
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
},
{
"name": "https://support.apple.com/HT208115",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208115"
},
{
"name": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf",
"refsource": "MISC",
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402348"
},
{
"name": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958",
"refsource": "CONFIRM",
"url": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958"
},
{
"name": "GLSA-202007-54",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-54"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-9842",
"datePublished": "2017-05-23T03:56:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2025-12-04T16:36:07.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2016-9843 (GCVE-0-2016-9843)
Vulnerability from cvelistv5 – Published: 2017-05-23 03:56 – Updated: 2024-08-06 02:59
VLAI?
EPSS
Summary
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
33 references
Date Public ?
2016-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:1221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name": "RHSA-2017:1220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name": "RHSA-2017:3047",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"name": "95131",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95131"
},
{
"name": "1041888",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "RHSA-2017:3046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0077",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"name": "GLSA-201701-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "RHSA-2017:1222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name": "openSUSE-SU-2017:0080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"name": "RHSA-2017:3453",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "openSUSE-SU-2016:3202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"name": "RHSA-2017:2999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"name": "USN-4246-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"name": "USN-4292-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"name": "GLSA-202007-54",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-54"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:49.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"name": "RHSA-2017:1221",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name": "RHSA-2017:1220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name": "RHSA-2017:3047",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"name": "95131",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95131"
},
{
"name": "1041888",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "RHSA-2017:3046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0077",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"name": "GLSA-201701-56",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "RHSA-2017:1222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name": "openSUSE-SU-2017:0080",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"name": "RHSA-2017:3453",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "openSUSE-SU-2016:3202",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"name": "RHSA-2017:2999",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"name": "USN-4246-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"name": "USN-4292-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"name": "GLSA-202007-54",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-54"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2016-9843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1221",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1221"
},
{
"name": "RHSA-2017:1220",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1220"
},
{
"name": "RHSA-2017:3047",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3047"
},
{
"name": "[oss-security] 20161205 Re: CVE Request: zlib security issues found during audit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/05/21"
},
{
"name": "95131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95131"
},
{
"name": "1041888",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "RHSA-2017:3046",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3046"
},
{
"name": "openSUSE-SU-2017:0077",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"
},
{
"name": "GLSA-201701-56",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-56"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "RHSA-2017:1222",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1222"
},
{
"name": "openSUSE-SU-2017:0080",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"
},
{
"name": "RHSA-2017:3453",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "openSUSE-SU-2016:3202",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"
},
{
"name": "RHSA-2017:2999",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2999"
},
{
"name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"
},
{
"name": "USN-4246-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4246-1/"
},
{
"name": "[debian-lts-announce] 20200129 [SECURITY] [DLA 2085-1] zlib security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"
},
{
"name": "USN-4292-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4292-1/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib",
"refsource": "MISC",
"url": "https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"
},
{
"name": "https://support.apple.com/HT208113",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208113"
},
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
},
{
"name": "https://support.apple.com/HT208115",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208115"
},
{
"name": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf",
"refsource": "MISC",
"url": "https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"
},
{
"name": "https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811",
"refsource": "CONFIRM",
"url": "https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1402351"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"name": "GLSA-202007-54",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-54"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2016-9843",
"datePublished": "2017-05-23T03:56:00.000Z",
"dateReserved": "2016-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:59:03.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0381 (GCVE-0-2017-0381)
Vulnerability from cvelistv5 – Published: 2017-01-12 20:00 – Updated: 2024-08-05 13:03
VLAI?
EPSS
Summary
An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432.
Severity ?
No CVSS data available.
CWE
- Remote code execution
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/201702-21 | vendor-advisoryx_refsource_GENTOO |
| https://support.apple.com/HT208144 | x_refsource_CONFIRM |
| https://android.googlesource.com/platform/externa… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/95248 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1039427 | vdb-entryx_refsource_SECTRACK |
| https://support.apple.com/HT208113 | x_refsource_CONFIRM |
| https://support.apple.com/HT208112 | x_refsource_CONFIRM |
| https://support.apple.com/HT208115 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android-5.0.2
Affected: Android-5.1.1 Affected: Android-6.0 Affected: Android-6.0.1 Affected: Android-7.0 Affected: Android-7.1 |
Date Public ?
2017-01-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:03:57.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "GLSA-201702-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-21"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7"
},
{
"name": "95248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95248"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208115"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-5.0.2"
},
{
"status": "affected",
"version": "Android-5.1.1"
},
{
"status": "affected",
"version": "Android-6.0"
},
{
"status": "affected",
"version": "Android-6.0.1"
},
{
"status": "affected",
"version": "Android-7.0"
},
{
"status": "affected",
"version": "Android-7.1"
}
]
}
],
"datePublic": "2017-01-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-23T00:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "GLSA-201702-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-21"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7"
},
{
"name": "95248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95248"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208115"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-5.0.2"
},
{
"version_value": "Android-5.1.1"
},
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
},
{
"version_value": "Android-7.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "GLSA-201702-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-21"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7"
},
{
"name": "95248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95248"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "https://support.apple.com/HT208113",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208113"
},
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
},
{
"name": "https://support.apple.com/HT208115",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208115"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-0381",
"datePublished": "2017-01-12T20:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:03:57.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000373 (GCVE-0-2017-1000373)
Vulnerability from cvelistv5 – Published: 2017-06-19 16:00 – Updated: 2024-08-05 22:00
VLAI?
EPSS
Summary
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/42271/ | exploitx_refsource_EXPLOIT-DB |
| https://support.apple.com/HT208144 | x_refsource_CONFIRM |
| https://www.qualys.com/2017/06/19/stack-clash/sta… | x_refsource_MISC |
| https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib… | x_refsource_MISC |
| http://www.securityfocus.com/bid/99177 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1039427 | vdb-entryx_refsource_SECTRACK |
| https://support.apple.com/HT208113 | x_refsource_CONFIRM |
| https://support.apple.com/HT208112 | x_refsource_CONFIRM |
| https://support.apple.com/HT208115 | x_refsource_CONFIRM |
Date Public ?
2017-06-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:40.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "42271",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/42271/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15\u0026content-type=text/x-cvsweb-markup"
},
{
"name": "99177",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99177"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208115"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-23T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "42271",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/42271/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208144"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15\u0026content-type=text/x-cvsweb-markup"
},
{
"name": "99177",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99177"
},
{
"name": "1039427",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039427"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208115"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1000373",
"REQUESTER": "qsa@qualys.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42271",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42271/"
},
{
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt",
"refsource": "MISC",
"url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
},
{
"name": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15\u0026content-type=text/x-cvsweb-markup",
"refsource": "MISC",
"url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15\u0026content-type=text/x-cvsweb-markup"
},
{
"name": "99177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99177"
},
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "https://support.apple.com/HT208113",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208113"
},
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
},
{
"name": "https://support.apple.com/HT208115",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208115"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000373",
"datePublished": "2017-06-19T16:00:00.000Z",
"dateReserved": "2017-06-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:00:40.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10978 (GCVE-0-2017-10978)
Vulnerability from cvelistv5 – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI?
EPSS
Summary
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1038914 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/99893 | vdb-entryx_refsource_BID |
| https://access.redhat.com/errata/RHSA-2017:1759 | vendor-advisoryx_refsource_REDHAT |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisoryx_refsource_DEBIAN |
| https://access.redhat.com/errata/RHSA-2017:2389 | vendor-advisoryx_refsource_REDHAT |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
Date Public ?
2017-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:56.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "99893",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99893"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"Read / write overflow in make_secret()\" and a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "99893",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99893"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows \"Read / write overflow in make_secret()\" and a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "99893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99893"
},
{
"name": "RHSA-2017:1759",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "RHSA-2017:2389",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2389"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10978",
"datePublished": "2017-07-17T16:00:00.000Z",
"dateReserved": "2017-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:57:56.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10979 (GCVE-0-2017-10979)
Vulnerability from cvelistv5 – Published: 2017-07-17 16:00 – Updated: 2024-08-05 17:57
VLAI?
EPSS
Summary
An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1038914 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHSA-2017:1759 | vendor-advisoryx_refsource_REDHAT |
| http://www.debian.org/security/2017/dsa-3930 | vendor-advisoryx_refsource_DEBIAN |
| http://freeradius.org/security/fuzzer-2017.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/99901 | vdb-entryx_refsource_BID |
Date Public ?
2017-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:57:56.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99901"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1038914",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99901"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10979",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038914"
},
{
"name": "RHSA-2017:1759",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1759"
},
{
"name": "DSA-3930",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3930"
},
{
"name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security/fuzzer-2017.html"
},
{
"name": "99901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99901"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10979",
"datePublished": "2017-07-17T16:00:00.000Z",
"dateReserved": "2017-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:57:56.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…