inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
結論預警: CVE-2016-9841 綜合評估為高風險(67/100):CVSS 技術影響為嚴重級,利用機率偏高(EPSS 7.49%,百分位 94%) 核心證據: EPSS 顯示該漏洞近期被利用的可能性處於高位。 強制指令: 被利用機率偏高—請盤點暴露面並優先安排修補。
風險隨態勢動態變化;本站持續評估並同步更新本頁展示內容。
EPSS 日更估計相對被利用可能性;百分位表示該 CVE 在已評分漏洞中的相對排名(越高表示相對更嚴重)。
| # | 日期 | 舊 EPSS 分數 | 新 EPSS 分數 | 變化(新 − 舊) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 19.18% | 7.49% | -11.69% |
| 2 | 2026-06-06 | 23.61% | 19.18% | -4.43% |
| 3 | 2026-06-05 | — | 23.61% | — |
完整 EPSS 歷史 (共 26 筆)
該 CVE 的 CVSS 指標。
| 底座分 | 版本 | 嚴重度 | 向量 | 可利用性 | 影響 | 分數來源 |
|---|---|---|---|---|---|---|
| 9.8 | 3.1 | CRITICAL |
|
3.9 | 5.9 | [email protected] |
| 7.5 | 2.0 | HIGH |
|
10.0 | 6.4 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
not yet assigned | CVE-2016-9841 not yet assigned priority: Debian including 2 source packages (rsync, zlib), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 10. | https://security-tracker.debian.org/tracker/CVE-2016-9841 |
gentoo
|
normal | CVE-2016-9841: 2 GLSA(s) (201701-56, 202007-54), 2 atom(s) (net-misc/rsync, sys-libs/zlib); latest impact normal. | https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2016-9841 |
redhat
|
low | — | https://access.redhat.com/security/cve/CVE-2016-9841 |
suse
|
critical | CVE-2016-9841 severity critical: SUSE including 198 source package names (0.9.1:libz1-1.2.8-11.1, 1.0.0:libz1-1.2.8-11.1, …), 518 product×package rows across 88 product lines (Container caasp/v4/default-http-backend, Container caasp/v4/dnsmasq-nanny, … (88 product lines)): Fixed 405, Known Not Affected 113. | https://www.suse.com/security/cve/CVE-2016-9841/ |
ubuntu
|
low | CVE-2016-9841 low priority: Ubuntu including 4 source packages (klibc, rsync, zlib, zsync), 61 status rows across 23 suites (artful, bionic, cosmic, disco, eoan, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, plucky, precise, questing, trusty, upstream, xenial, yakkety, zesty): released 28, not-affected 18, needs-triage 9, ignored 5, needed 1. | https://ubuntu.com/security/CVE-2016-9841 |
| 廠商 | 產品 | 版本 | 原始 CPE |
|---|---|---|---|
| zlib | zlib | >= 1.2.0, < 1.2.9 | cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:* |
| opensuse | leap | 42.1 | cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* |
| opensuse | leap | 42.2 | cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:* |
| opensuse | opensuse | 13.2 | cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* |
| debian | debian_linux | 8.0 | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 16.04 | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* |
| canonical | ubuntu_linux | 18.04 | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* |
| oracle | database_server | 18c | cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:* |
| oracle | jdk | 1.6.0 | cpe:2.3:a:oracle:jdk:1.6.0:update161:*:*:*:*:*:* |
| oracle | jdk | 1.7.0 | cpe:2.3:a:oracle:jdk:1.7.0:update151:*:*:*:*:*:* |
| oracle | jdk | 1.8.0 | cpe:2.3:a:oracle:jdk:1.8.0:update144:*:*:*:*:*:* |
| oracle | jre | 1.6.0 | cpe:2.3:a:oracle:jre:1.6.0:update161:*:*:*:*:*:* |
| oracle | jre | 1.7.0 | cpe:2.3:a:oracle:jre:1.7.0:update151:*:*:*:*:*:* |
| oracle | jre | 1.8.0 | cpe:2.3:a:oracle:jre:1.8.0:update144:*:*:*:*:*:* |
| oracle | mysql | >= 5.5.0, <= 5.5.61 | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| oracle | mysql | >= 5.6.0, <= 5.6.41 | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| oracle | mysql | >= 5.7.0, <= 5.7.23 | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| oracle | mysql | >= 8.0.0, <= 8.0.12 | cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:* |
| redhat | satellite | 5.8 | cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:* |
| redhat | enterprise_linux_desktop | 6.0 | cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux_desktop | 7.0 | cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux_eus | 7.4 | cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* |
| redhat | enterprise_linux_eus | 7.5 | cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* |
| redhat | enterprise_linux_server | 6.0 | cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux_server | 7.0 | cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux_workstation | 6.0 | cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* |
| redhat | enterprise_linux_workstation | 7.0 | cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* |
| apple | iphone_os | < 11 | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
| apple | mac_os_x | >= 10.0.0, < 10.13.0 | cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
| apple | tvos | < 11.0 | cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
| apple | watchos | < 4 | cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
| netapp | active_iq_unified_manager | >= 7.3 | cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:* |
| netapp | active_iq_unified_manager | >= 9.5 | cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:* |
| netapp | cloud_backup | — | cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* |
| netapp | e-series_santricity_management | — | cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_sra:*:* |
| netapp | e-series_santricity_management | — | cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vasa:*:* |
| netapp | e-series_santricity_management | — | cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:* |
| netapp | e-series_santricity_os_controller | >= 11.0.0, <= 11.70.1 | cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* |
| netapp | e-series_santricity_storage_manager | — | cpe:2.3:a:netapp:e-series_santricity_storage_manager:-:*:*:*:*:*:*:* |
| netapp | e-series_santricity_web_services | — | cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:* |
| netapp | oncommand_balance | — | cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:* |
| netapp | oncommand_insight | — | cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* |
| netapp | oncommand_performance_manager | — | cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:* |
| netapp | oncommand_shift | — | cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:* |
| netapp | oncommand_unified_manager | <= 7.1 | cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:* |
| netapp | oncommand_unified_manager | <= 7.1 | cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:* |
| netapp | oncommand_unified_manager | — | cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:* |
| netapp | oncommand_workflow_automation | — | cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* |
| netapp | snapmanager | — | cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:* |
| netapp | snapmanager | — | cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:* |
| netapp | solidfire | — | cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* |
| netapp | steelstore_cloud_integrated_storage | — | cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* |
| netapp | storage_replication_adapter_for_clustered_data_ontap | — | cpe:2.3:a:netapp:storage_replication_adapter_for_clustered_data_ontap:-:*:*:*:*:vmware_vsphere:*:* |
| netapp | symantec_netbackup | — | cpe:2.3:a:netapp:symantec_netbackup:-:*:*:*:*:*:*:* |
| netapp | vasa_provider_for_clustered_data_ontap | >= 7.2 | cpe:2.3:a:netapp:vasa_provider_for_clustered_data_ontap:*:*:*:*:*:*:*:* |
| netapp | virtual_storage_console | — | cpe:2.3:a:netapp:virtual_storage_console:-:*:*:*:*:vmware_vsphere:*:* |
| netapp | hci_storage_node | — | cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:* |
| nodejs | node.js | >= 4.0.0, <= 4.1.2 | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
| nodejs | node.js | >= 4.2.0, < 4.8.2 | cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
| nodejs | node.js | >= 6.0.0, <= 6.8.1 | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |
| nodejs | node.js | >= 6.9.0, < 6.10.2 | cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:* |
| nodejs | node.js | >= 7.0.0, < 7.6.0 | cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:* |