CVE编号
CVE-2016-9841利用情况
暂无补丁情况
官方补丁披露时间
2017-05-23漏洞描述
zlib 1.2.8中的inffast.c可能允许依赖于上下文的攻击者通过利用不正确的指针算法来产生未指定的影响。解决建议
目前厂商已经发布了升级补丁以修复此安全问题,详情请关注厂商主页:http://www.zlib.net/
参考链接 |
|
|---|---|
| http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html | |
| http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html | |
| http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html | |
| http://www.openwall.com/lists/oss-security/2016/12/05/21 | |
| http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html | |
| http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | |
| http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | |
| http://www.securityfocus.com/bid/95131 | |
| http://www.securitytracker.com/id/1039427 | |
| http://www.securitytracker.com/id/1039596 | |
| https://access.redhat.com/errata/RHSA-2017:1220 | |
| https://access.redhat.com/errata/RHSA-2017:1221 | |
| https://access.redhat.com/errata/RHSA-2017:1222 | |
| https://access.redhat.com/errata/RHSA-2017:2999 | |
| https://access.redhat.com/errata/RHSA-2017:3046 | |
| https://access.redhat.com/errata/RHSA-2017:3047 | |
| https://access.redhat.com/errata/RHSA-2017:3453 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1402346 | |
| https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb | |
| https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html | |
| https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html | |
| https://security.gentoo.org/glsa/201701-56 | |
| https://security.gentoo.org/glsa/202007-54 | |
| https://security.netapp.com/advisory/ntap-20171019-0001/ | |
| https://support.apple.com/HT208112 | |
| https://support.apple.com/HT208113 | |
| https://support.apple.com/HT208115 | |
| https://support.apple.com/HT208144 | |
| https://usn.ubuntu.com/4246-1/ | |
| https://usn.ubuntu.com/4292-1/ | |
| https://wiki.mozilla.org/images/0/09/Zlib-report.pdf | |
| https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib | |
| https://www.oracle.com/security-alerts/cpujul2020.html |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | gnu | zlib | 1.2.8 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.3 | zlib | * |
Up to (excluding) 1.2.11-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.4 | zlib | * |
Up to (excluding) 1.2.11-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.5 | zlib | * |
Up to (excluding) 1.2.11-r0 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.6 | zlib | * |
Up to (excluding) 5.24.3-r1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_8 | zlib | * |
Up to (excluding) 1:1.2.8.dfsg-2+deb8u1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | zlib | * |
Up to (excluding) 3.1.2-1+deb9u2 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_13.2 | zlib | * |
Up to (excluding) 1.2.8-5.8.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_42.1 | zlib | * |
Up to (excluding) 1.2.8-8.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_42.2 | zlib | * |
Up to (excluding) 1.2.8-10.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_42.3 | zlib | * |
Up to (excluding) 1.8.0.151-18.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_11_SP4 | zlib | * |
Up to (excluding) 1.2.7-0.14.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP1 | zlib | * |
Up to (excluding) 1.2.8-6.3.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP2 | zlib | * |
Up to (excluding) 1.2.8-11.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP3 | zlib | * |
Up to (excluding) 1.7.0.161-43.7.6 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04 | zlib | * |
Up to (excluding) 1:1.2.8.dfsg-2ubuntu4.3 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04 | zlib | * |
Up to (excluding) 3.1.2-2.1ubuntu1.1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_20.04 | zlib | * |
Up to (excluding) 3.1.3-6 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_21.04 | zlib | * |
Up to (excluding) 3.1.3-6 |
|||||
- 攻击路径 远程
- 攻击复杂度 复杂
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 100
还没有评论,来说两句吧...