CVE-2016-9840
- Source
- https://cve.org/CVERecord?id=CVE-2016-9840
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9840.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-9840
- Aliases
- Downstream
- Related
- Published
- 2017-05-23T04:29:01.667Z
- Modified
- 2026-04-16T04:37:11.729666998Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
- References
-
- http://www.securityfocus.com/bid/95131
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- http://www.securitytracker.com/id/1039427
- https://access.redhat.com/errata/RHSA-2017:2999
- https://access.redhat.com/errata/RHSA-2017:3046
- https://support.apple.com/HT208144
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- https://access.redhat.com/errata/RHSA-2017:3047
- https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
- https://support.apple.com/HT208113
- https://usn.ubuntu.com/4246-1/
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
- https://security.gentoo.org/glsa/201701-56
- https://support.apple.com/HT208115
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
- https://support.apple.com/HT208112
- https://usn.ubuntu.com/4292-1/
- http://www.openwall.com/lists/oss-security/2016/12/05/21
- https://access.redhat.com/errata/RHSA-2017:1220
- https://access.redhat.com/errata/RHSA-2017:1222
- https://security.gentoo.org/glsa/202007-54
- https://access.redhat.com/errata/RHSA-2017:1221
- https://access.redhat.com/errata/RHSA-2017:3453
- https://bugzilla.redhat.com/show_bug.cgi?id=1402345
- https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
Affected packages
Git / github.com/madler/zlib
Affected ranges
- Type
- GIT
- Repo
- https://github.com/madler/zlib
- Events
- Database specific
{ "versions": [ { "introduced": "1.2.0.6" }, { "fixed": "1.2.9" } ] }
- Type
- GIT
- Repo
- https://github.com/mysql/mysql-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "8.0" }, { "introduced": "5.5.0" }, { "last_affected": "5.5.61" }, { "introduced": "5.6.0" }, { "last_affected": "5.6.41" }, { "introduced": "5.7.0" }, { "last_affected": "5.7.23" }, { "introduced": "8.0.0" }, { "last_affected": "8.0.12" }, { "introduced": "0" }, { "last_affected": "7.5" }, { "introduced": "4.0.0" }, { "last_affected": "4.1.2" } ] }
- Type
- GIT
- Repo
- https://github.com/nodejs/node
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedLast affectedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "13.2" }, { "introduced": "0" }, { "last_affected": "5.8" }, { "introduced": "0" }, { "last_affected": "6.0" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "7.4" }, { "introduced": "0" }, { "last_affected": "6.0" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "6.0" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "10.0.0" }, { "fixed": "10.13.0" }, { "introduced": "0" }, { "fixed": "11.0" }, { "introduced": "4.2.0" }, { "fixed": "4.8.2" }, { "introduced": "6.0.0" }, { "last_affected": "6.8.1" }, { "introduced": "6.9.0" }, { "fixed": "6.10.2" }, { "introduced": "7.0.0" }, { "fixed": "7.6.0" } ] }
Affected versions
mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-4.1.1
mysql-4.1.2
mysql-5.*
mysql-5.1.4
mysql-5.5.15
mysql-5.5.19
mysql-5.5.23
mysql-5.5.25
mysql-5.5.27
mysql-5.5.44
mysql-5.5.47
mysql-5.5.49
mysql-5.5.59
mysql-5.5.60
mysql-5.5.61
mysql-5.6.40
mysql-5.6.41
mysql-5.7.23
mysql-8.*
mysql-8.0.0
mysql-8.0.12
mysql-cluster-7.*
mysql-cluster-7.5.0
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.7.0
v0.7.2
v0.7.3
v1.*
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.2.0.6
v1.2.0.7
v1.2.0.8
v1.2.1
v1.2.1.1
v1.2.1.2
v1.2.2
v1.2.2.1
v1.2.2.2
v1.2.2.3
v1.2.2.4
v1.2.3
v1.2.3.1
v1.2.3.2
v1.2.3.3
v1.2.3.4
v1.2.3.5
v1.2.3.6
v1.2.3.7
v1.2.3.8
v1.2.3.9
v1.2.4
v1.2.4-pre1
v1.2.4-pre2
v1.2.4.1
v1.2.4.2
v1.2.4.3
v1.2.4.4
v1.2.4.5
v1.2.5
v1.2.5.1
v1.2.5.2
v1.2.5.3
v1.2.6
v1.2.6.1
v1.2.7
v1.2.7.1
v1.2.7.2
v1.2.7.3
v1.2.8
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v10.*
v10.0.0
v10.1.0
v10.10.0
v10.11.0
v10.12.0
v10.2.0
v10.2.1
v10.3.0
v10.4.0
v10.4.1
v10.5.0
v10.6.0
v10.7.0
v10.8.0
v10.9.0
v13.*
v13.0.0
v13.0.1
v13.1.0
v13.2.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v3.*
v3.0.0
v4.*
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.3.0
v4.3.1
v4.3.2
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5.0
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.8.0
v4.8.1
v5.*
v5.0.0
v5.1.0
v5.1.1
v5.2.0
v5.3.0
v5.4.0
v5.4.1
v5.5.0
v5.6.0
v5.7.0
v5.7.1
v5.8.0
v6.*
v6.0.0
v6.1.0
v6.10.0
v6.10.1
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.8.1
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v7.*
v7.0.0
v7.1.0
v7.2.0
v7.2.1
v7.3.0
v7.4.0
v7.5.0
Database specific
vanir_signatures_modified
"2026-04-11T03:57:08Z"
vanir_signatures
[
{
"id": "CVE-2016-9840-414fe37a",
"target": {
"file": "contrib/infback9/inftree9.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"16120810892851687554789220157819832702",
"131827276427891043182256510196340875300",
"189513208101419307945534658579998871654",
"212147175082612510136412243030409560140",
"299085759267730258754641938507926344080",
"138959356155413799645705262600700520329",
"29752084737358720135606731688432604107",
"166620327939650871483308933286046278470"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"signature_version": "v1"
},
{
"id": "CVE-2016-9840-7d837108",
"target": {
"file": "inftrees.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"33289512042373412906093149139436580830",
"91426820839317131268716791780186008144",
"194818944693421866592958753112657371532",
"159668138545083466055711927804961193023",
"255066741664144691720111386013603848817",
"234232056215069776200927132383547217084",
"295366361648995060731826038642910043574",
"194364176202057146808626712171096427014"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"signature_version": "v1"
},
{
"id": "CVE-2016-9840-877aa23a",
"target": {
"file": "zconf.h"
},
"deprecated": false,
"signature_type": "Line",
"digest": {
"line_hashes": [
"173123370633123651154244949134281019542",
"102273106005205754638040113472517884264",
"235429814244466703824677965529538273675",
"208303993750882978934021550073336842459",
"97615609550968706431926448181519994863",
"339118080829838946074693924107468946553",
"80218173194119430334455345176075092856",
"221115080022463896686917755184628890434",
"220779142876063203106760351651649795828",
"79972837918061490055760410628729165483",
"29640572416293066614062894907893542972",
"320836455951002542724053434768351830366",
"278439570502606989562359642144711240921",
"74969605840670941905966442808748242415",
"136349982313411503433050181948921111059",
"84828482625013498067679033752823325859",
"218156909012989000717970859258362570251",
"156120690550699675574548547437792604157",
"174169894385923384555886757688589868129",
"113887265610536653913694580851125688715",
"322944331613534704823013669100696288875",
"25052244974639821325585794070234606822",
"38325901798038084643343130133098808807",
"158002972493212489475769473812998149461",
"292758423975469462340735089873782351214",
"197319885884091558389402997168622303229",
"273529858872929722013164257392580258347",
"2188558013403878625577241987667171928",
"227718873515223558132286010362181398299",
"337146253929636158546926301773569599342",
"276954032770302743552966193594550874576",
"326215511158024088703961555581128655326",
"243619819439693214143230160079414937501",
"232483367442315974246589415647223061426",
"260395415480728946097742438941645713965",
"292290712618831869667048484348647386677",
"191647618147979755276168823006196468103",
"219013074033810971796049774630081821884",
"205564429641538400226903564968255480612",
"294498949750680192840586029840089044143",
"183398131489758762038008857864289906980",
"69378252258223222776676769656103498778",
"150063933148831471523654235222726000523",
"160919057829188140111342717977171904200",
"113985210579133651988131412870508958926",
"236797731968003545657916862894293146441"
],
"threshold": 0.9
},
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"signature_version": "v1"
},
{
"id": "CVE-2016-9840-c5f344c4",
"target": {
"file": "inftrees.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"79922679965347110745734698915726632467",
"126813590579008290988718395478645426206",
"79466596218979115230947295705213292393",
"94908522895392918179330397374303322654",
"294878633993268850114778284316336215255",
"45629984547848664636655317045532794035",
"116847805198357221433888060203111502041",
"312136188528093063192158590599941715254",
"54270934100445027986781242788444508427",
"151244602054367791046613768817959193697",
"182299172507133003738586974100950863836",
"287898435384129613401554161468337708342",
"165985360513289330686611297477254368814",
"275321615747459570033077014648560830547",
"70348488676879259643634764804252428984",
"295378974609983581304343450587863375323",
"281587176543147940050594107912300113027",
"291357719346107022770774239922984576091",
"5363548009795485230402450341246148900",
"283614953693141663496762238152828872207",
"317432809742657110140968209661147809307",
"223316103943005991916374936548405181986",
"94843072090250528147617254384594442333",
"207902361503503787683588524899448874944",
"128236543350826831504384697314118593786",
"17736424622891055567985379507175510801",
"99172734391354959660529588307945130416",
"168640863699306485229530538896427329407",
"22889291697561298601158473495398811020",
"99489743347852376068360184828245211593"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0",
"signature_version": "v1"
},
{
"id": "CVE-2016-9840-ebd0da57",
"target": {
"file": "deflate.c"
},
"digest": {
"line_hashes": [
"241551680136109100503375360648810826978",
"68187369923040033918172656615963607133",
"297761764425146664349507739115654243055"
],
"threshold": 0.9
},
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9840.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.78.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "42.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "42.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18c"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.0-update161"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.0-update151"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.0-update144"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.0-update161"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.0-update151"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.0-update144"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4"
}
]
}
]