CVE-2016-9843

20 documents11 sources

Severity

9.8CRITICAL

EPSS

15.1%

top 5.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple Tvos +18 more

Timeline

PublishedMay 23

Latest updateJan 14

Description

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages20 packages

▶NVDzlib/zlib1.2.0 — 1.2.9

▶Debianzlib< 1:1.2.8.dfsg-3+3

▶NVDapple/tvos< 11.0

▶NVDapple/watchos< 4

▶NVDapple/mac_os_x10.0.0 — 10.13.0

Also affects: Debian Linux 8.0, Ubuntu Linux 16.04, 18.04, Enterprise Linux 7.4, 7.5

🔴Vulnerability Details

GHSA

GHSA-q27x-567x-5347: The crc32_big function in crc32↗2022-05-13

▶

OSV

rsync vulnerabilities↗2020-02-25

▶

OSV

zlib vulnerabilities↗2020-01-22

▶

OSV

CVE-2016-9843: The crc32_big function in crc32↗2017-05-23

▶

CVEList

CVE-2016-9843: The crc32_big function in crc32↗2017-05-23

▶

📋Vendor Advisories

Ubuntu

klibc vulnerabilities↗2026-01-14

▶

Oracle

Oracle Oracle Database Server Risk Matrix: Core RDBMS (zlib) — CVE-2016-9843↗2020-07-15

▶

Ubuntu

rsync vulnerabilities↗2020-02-25

▶

Ubuntu

zlib vulnerabilities↗2020-01-22

▶

Apple

CVE-2016-9843: macOS High Sierra 10.13↗2017-09-25

▶

💬Community

Bugzilla

CVE-2016-9843 zlib: Big-endian out-of-bounds pointer↗2016-12-07

▶

Bugzilla

CVE-2016-9840 CVE-2016-9841 CVE-2016-9842 CVE-2016-9843 zlib: various flaws [fedora-all]↗2016-12-07

▶

Bugzilla

CVE-2014-9843 ImageMagick: incorrect boundary checks in DecodePSDPixels↗2016-06-07

▶