CVE-2016-9840
- Source
- https://cve.org/CVERecord?id=CVE-2016-9840
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9840.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-9840
- Aliases
- Downstream
- Related
- Published
- 2017-05-23T04:29:01.667Z
- Modified
- 2026-03-10T14:16:15.716851Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
- References
-
- http://www.securityfocus.com/bid/95131
- http://www.securitytracker.com/id/1039427
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- https://support.apple.com/HT208113
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
- https://usn.ubuntu.com/4246-1/
- https://access.redhat.com/errata/RHSA-2017:1222
- https://access.redhat.com/errata/RHSA-2017:3046
- https://access.redhat.com/errata/RHSA-2017:3453
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://access.redhat.com/errata/RHSA-2017:2999
- https://security.gentoo.org/glsa/201701-56
- https://support.apple.com/HT208144
- https://usn.ubuntu.com/4292-1/
- https://access.redhat.com/errata/RHSA-2017:3047
- https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
- https://support.apple.com/HT208112
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
- http://www.openwall.com/lists/oss-security/2016/12/05/21
- https://access.redhat.com/errata/RHSA-2017:1220
- https://access.redhat.com/errata/RHSA-2017:1221
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://support.apple.com/HT208115
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
- https://security.gentoo.org/glsa/202007-54
- https://bugzilla.redhat.com/show_bug.cgi?id=1402345
- https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
Affected packages
Git / github.com/madler/zlib
Affected ranges
- Type
- GIT
- Repo
- https://github.com/madler/zlib
- Events
- Database specific
{ "versions": [ { "introduced": "1.2.0.6" }, { "fixed": "1.2.9" } ] }
- Type
- GIT
- Repo
- https://github.com/mysql/mysql-server
- Events
-
IntroducedLast affectedIntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "5.5.0" }, { "last_affected": "5.5.61" }, { "introduced": "8.0.0" }, { "last_affected": "8.0.12" } ] }
- Type
- GIT
- Repo
- https://github.com/nodejs/node
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedLast affectedIntroducedFixedIntroducedLast affectedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "13.2" }, { "introduced": "0" }, { "last_affected": "8.0" }, { "introduced": "0" }, { "last_affected": "5.8" }, { "introduced": "0" }, { "last_affected": "6.0" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "7.4" }, { "introduced": "0" }, { "last_affected": "7.5" }, { "introduced": "0" }, { "last_affected": "6.0" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "6.0" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "10.0.0" }, { "fixed": "10.13.0" }, { "introduced": "0" }, { "fixed": "11.0" }, { "introduced": "4.0.0" }, { "last_affected": "4.1.2" }, { "introduced": "4.2.0" }, { "fixed": "4.8.2" }, { "introduced": "6.0.0" }, { "last_affected": "6.8.1" }, { "introduced": "6.9.0" }, { "fixed": "6.10.2" }, { "introduced": "7.0.0" }, { "fixed": "7.6.0" } ] }
Affected versions
mysql-5.*
mysql-5.0.87sp1
mysql-5.0.90
mysql-5.0.91
mysql-5.0.92
mysql-5.0.93
mysql-5.0.94
mysql-5.0.95
mysql-5.0.96
mysql-5.1.40sp1
mysql-5.1.41
mysql-5.1.42
mysql-5.1.43
mysql-5.1.43sp1
mysql-5.1.44
mysql-5.1.45
mysql-5.1.46
mysql-5.1.46sp1
mysql-5.1.47
mysql-5.1.48
mysql-5.1.49
mysql-5.1.49sp1
mysql-5.1.50
mysql-5.1.51
mysql-5.1.52
mysql-5.1.52sp1
mysql-5.1.53
mysql-5.1.54
mysql-5.1.55
mysql-5.1.56
mysql-5.1.57
mysql-5.1.58
mysql-5.1.59
mysql-5.1.60
mysql-5.1.61
mysql-5.1.62
mysql-5.1.63
mysql-5.1.65
mysql-5.1.66
mysql-5.1.67
mysql-5.1.68
mysql-5.1.69
mysql-5.1.69-retag
mysql-5.1.70
mysql-5.1.71
mysql-5.1.72
mysql-5.1.73
mysql-5.1.74
mysql-5.1.75
mysql-5.1.76
mysql-5.1.77
mysql-5.5.0
mysql-5.5.1-m2
mysql-5.5.10
mysql-5.5.11
mysql-5.5.12
mysql-5.5.13
mysql-5.5.14
mysql-5.5.15
mysql-5.5.16
mysql-5.5.17
mysql-5.5.18
mysql-5.5.19
mysql-5.5.2-m2
mysql-5.5.20
mysql-5.5.21
mysql-5.5.22
mysql-5.5.23
mysql-5.5.24
mysql-5.5.25
mysql-5.5.25a
mysql-5.5.27
mysql-5.5.28
mysql-5.5.29
mysql-5.5.3-m3
mysql-5.5.30
mysql-5.5.31
mysql-5.5.32
mysql-5.5.33
mysql-5.5.34
mysql-5.5.35
mysql-5.5.36
mysql-5.5.37
mysql-5.5.38
mysql-5.5.39
mysql-5.5.40
mysql-5.5.41
mysql-5.5.42
mysql-5.5.43
mysql-5.5.44
mysql-5.5.45
mysql-5.5.46
mysql-5.5.47
mysql-5.5.48
mysql-5.5.49
mysql-5.5.5-m3
mysql-5.5.50
mysql-5.5.51
mysql-5.5.52
mysql-5.5.53
mysql-5.5.54
mysql-5.5.55
mysql-5.5.56
mysql-5.5.57
mysql-5.5.58
mysql-5.5.59
mysql-5.5.6-rc
mysql-5.5.60
mysql-5.5.61
mysql-5.5.7
mysql-5.5.8
mysql-5.5.9
v1.*
v1.2.0.6
v1.2.0.7
v1.2.0.8
v1.2.1
v1.2.1.1
v1.2.1.2
v1.2.2
v1.2.2.1
v1.2.2.2
v1.2.2.3
v1.2.2.4
v1.2.3
v1.2.3.1
v1.2.3.2
v1.2.3.3
v1.2.3.4
v1.2.3.5
v1.2.3.6
v1.2.3.7
v1.2.3.8
v1.2.3.9
v1.2.4
v1.2.4-pre1
v1.2.4-pre2
v1.2.4.1
v1.2.4.2
v1.2.4.3
v1.2.4.4
v1.2.4.5
v1.2.5
v1.2.5.1
v1.2.5.2
v1.2.5.3
v1.2.6
v1.2.6.1
v1.2.7
v1.2.7.1
v1.2.7.2
v1.2.7.3
v1.2.8
v4.*
v4.0.0
v4.1.0
v4.1.1
v4.1.2
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.3.0
v4.3.1
v4.3.2
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5.0
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.8.0
v4.8.1
v6.*
v6.0.0
v6.1.0
v6.10.0
v6.10.1
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.8.1
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v7.*
v7.0.0
v7.1.0
v7.2.0
v7.2.1
v7.3.0
v7.4.0
v7.5.0
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9840.json"
vanir_signatures
[
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"16120810892851687554789220157819832702",
"131827276427891043182256510196340875300",
"189513208101419307945534658579998871654",
"212147175082612510136412243030409560140",
"299085759267730258754641938507926344080",
"138959356155413799645705262600700520329",
"29752084737358720135606731688432604107",
"166620327939650871483308933286046278470"
]
},
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"signature_type": "Line",
"id": "CVE-2016-9840-414fe37a",
"target": {
"file": "contrib/infback9/inftree9.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"173123370633123651154244949134281019542",
"102273106005205754638040113472517884264",
"235429814244466703824677965529538273675",
"208303993750882978934021550073336842459",
"97615609550968706431926448181519994863",
"339118080829838946074693924107468946553",
"80218173194119430334455345176075092856",
"221115080022463896686917755184628890434",
"220779142876063203106760351651649795828",
"79972837918061490055760410628729165483",
"29640572416293066614062894907893542972",
"320836455951002542724053434768351830366",
"278439570502606989562359642144711240921",
"74969605840670941905966442808748242415",
"136349982313411503433050181948921111059",
"84828482625013498067679033752823325859",
"218156909012989000717970859258362570251",
"156120690550699675574548547437792604157",
"174169894385923384555886757688589868129",
"113887265610536653913694580851125688715",
"322944331613534704823013669100696288875",
"25052244974639821325585794070234606822",
"38325901798038084643343130133098808807",
"158002972493212489475769473812998149461",
"292758423975469462340735089873782351214",
"197319885884091558389402997168622303229",
"273529858872929722013164257392580258347",
"2188558013403878625577241987667171928",
"227718873515223558132286010362181398299",
"337146253929636158546926301773569599342",
"276954032770302743552966193594550874576",
"326215511158024088703961555581128655326",
"243619819439693214143230160079414937501",
"232483367442315974246589415647223061426",
"260395415480728946097742438941645713965",
"292290712618831869667048484348647386677",
"191647618147979755276168823006196468103",
"219013074033810971796049774630081821884",
"205564429641538400226903564968255480612",
"294498949750680192840586029840089044143",
"183398131489758762038008857864289906980",
"69378252258223222776676769656103498778",
"150063933148831471523654235222726000523",
"160919057829188140111342717977171904200",
"113985210579133651988131412870508958926",
"236797731968003545657916862894293146441"
]
},
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"signature_type": "Line",
"id": "CVE-2016-9840-877aa23a",
"target": {
"file": "zconf.h"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"79922679965347110745734698915726632467",
"126813590579008290988718395478645426206",
"79466596218979115230947295705213292393",
"94908522895392918179330397374303322654",
"294878633993268850114778284316336215255",
"45629984547848664636655317045532794035",
"116847805198357221433888060203111502041",
"312136188528093063192158590599941715254",
"54270934100445027986781242788444508427",
"151244602054367791046613768817959193697",
"182299172507133003738586974100950863836",
"287898435384129613401554161468337708342",
"165985360513289330686611297477254368814",
"275321615747459570033077014648560830547",
"70348488676879259643634764804252428984",
"295378974609983581304343450587863375323",
"281587176543147940050594107912300113027",
"291357719346107022770774239922984576091",
"5363548009795485230402450341246148900",
"283614953693141663496762238152828872207",
"317432809742657110140968209661147809307",
"223316103943005991916374936548405181986",
"94843072090250528147617254384594442333",
"207902361503503787683588524899448874944",
"128236543350826831504384697314118593786",
"17736424622891055567985379507175510801",
"99172734391354959660529588307945130416",
"168640863699306485229530538896427329407",
"22889291697561298601158473495398811020",
"99489743347852376068360184828245211593"
]
},
"source": "https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0",
"signature_type": "Line",
"id": "CVE-2016-9840-c5f344c4",
"target": {
"file": "inftrees.c"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"241551680136109100503375360648810826978",
"68187369923040033918172656615963607133",
"297761764425146664349507739115654243055"
]
},
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"signature_type": "Line",
"id": "CVE-2016-9840-ebd0da57",
"target": {
"file": "deflate.c"
}
}
]
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.78.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "42.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "42.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18c"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.0-update161"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.0-update151"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.0-update144"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.0-update161"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.0-update151"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.0-update144"
}
]
},
{
"events": [
{
"introduced": "5.6.0"
},
{
"last_affected": "5.6.41"
}
]
},
{
"events": [
{
"introduced": "5.7.0"
},
{
"last_affected": "5.7.23"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4"
}
]
}
]