PT-2017-2600 · Zlib+7
Published: 2016-12-21 · Updated: 2024-05-23
CVE-2016-9841
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
zlib version 1.2.8
Description
The issue is caused by improper pointer arithmetic in the inffast.c component of the zlib library, which may allow remote attackers to impact the confidentiality, integrity, and availability of protected information. This can be achieved by exploiting errors in number processing, potentially leading to a denial of service. A remote attacker could exploit this by persuading a victim to open a specially crafted document, causing a denial of service due to a big-endian out-of-bounds pointer.
Recommendations
For zlib version 1.2.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
IBM AIX
Java Platform
Linux Mint
Red Hat
SUSE
Ubuntu
Zlib