CVE-2016-9843

CRITICAL

zlib 1.2.8 - Info Disclosure

Title source: llm

Description

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

References (33)

... and 13 more

Scores

CVSS v3 9.8
EPSS 0.0798
EPSS Percentile 91.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

Status draft

Affected Products (36)

zlib/zlib < 1.2.9
opensuse/leap
opensuse/leap
opensuse/opensuse
debian/debian_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
oracle/database_server
oracle/jdk
oracle/jdk
oracle/jdk
oracle/jre
oracle/jre
oracle/jre
oracle/mysql < 5.5.61
... and 21 more

Timeline

Published May 23, 2017
Tracked Since Feb 18, 2026