CVE-2016-9842
- Source
- https://cve.org/CVERecord?id=CVE-2016-9842
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9842.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2016-9842
- Aliases
- Downstream
- Related
- Published
- 2017-05-23T04:29:01.837Z
- Modified
- 2026-04-11T03:57:08.314647Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
- References
-
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html
- http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html
- https://access.redhat.com/errata/RHSA-2017:2999
- https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html
- https://security.gentoo.org/glsa/201701-56
- https://security.gentoo.org/glsa/202007-54
- https://support.apple.com/HT208112
- https://usn.ubuntu.com/4246-1/
- https://access.redhat.com/errata/RHSA-2017:3047
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html
- https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- https://access.redhat.com/errata/RHSA-2017:3453
- https://usn.ubuntu.com/4292-1/
- https://access.redhat.com/errata/RHSA-2017:1220
- https://support.apple.com/HT208113
- https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib
- http://www.securitytracker.com/id/1039427
- https://access.redhat.com/errata/RHSA-2017:1221
- https://access.redhat.com/errata/RHSA-2017:1222
- https://www.oracle.com/security-alerts/cpujul2020.html
- http://www.securityfocus.com/bid/95131
- https://access.redhat.com/errata/RHSA-2017:3046
- https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
- https://bugzilla.redhat.com/show_bug.cgi?id=1402348
- http://www.openwall.com/lists/oss-security/2016/12/05/21
Affected packages
Git / github.com/madler/zlib
Affected ranges
- Type
- GIT
- Repo
- https://github.com/madler/zlib
- Events
- Database specific
{ "versions": [ { "introduced": "1.2.3.4" }, { "fixed": "1.2.9" } ] }
- Type
- GIT
- Repo
- https://github.com/mysql/mysql-server
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "8.0" }, { "introduced": "5.5.0" }, { "last_affected": "5.5.61" }, { "introduced": "5.6.0" }, { "last_affected": "5.6.41" }, { "introduced": "5.7.0" }, { "last_affected": "5.7.23" }, { "introduced": "8.0.0" }, { "last_affected": "8.0.12" }, { "introduced": "0" }, { "last_affected": "7.5" }, { "introduced": "4.0.0" }, { "last_affected": "4.1.2" } ] }
- Type
- GIT
- Repo
- https://github.com/nodejs/node
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedLast affectedIntroducedFixedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "13.2" }, { "introduced": "0" }, { "last_affected": "5.8" }, { "introduced": "0" }, { "last_affected": "6.0" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "7.4" }, { "introduced": "0" }, { "last_affected": "6.0" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "0" }, { "last_affected": "6.0" }, { "introduced": "0" }, { "last_affected": "7.0" }, { "introduced": "10.0.0" }, { "fixed": "10.13.0" }, { "introduced": "0" }, { "fixed": "11.0" }, { "introduced": "4.2.0" }, { "fixed": "4.8.2" }, { "introduced": "6.0.0" }, { "last_affected": "6.8.1" }, { "introduced": "6.9.0" }, { "fixed": "6.10.2" }, { "introduced": "7.0.0" }, { "fixed": "7.6.0" } ] }
Affected versions
mysql-3.*
mysql-3.23.22-beta
mysql-3.23.28-gamma
mysql-3.23.30-gamma
mysql-3.23.31
mysql-3.23.32
mysql-3.23.33
mysql-3.23.36
mysql-4.*
mysql-4.0.2
mysql-4.0.4
mysql-4.1.1
mysql-4.1.2
mysql-5.*
mysql-5.1.4
mysql-5.5.15
mysql-5.5.19
mysql-5.5.23
mysql-5.5.25
mysql-5.5.27
mysql-5.5.44
mysql-5.5.47
mysql-5.5.49
mysql-5.5.59
mysql-5.5.60
mysql-5.5.61
mysql-5.6.40
mysql-5.6.41
mysql-5.7.23
mysql-8.*
mysql-8.0.0
mysql-8.0.12
mysql-cluster-7.*
mysql-cluster-7.5.0
v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.4
v0.0.6
v0.1.0
v0.1.1
v0.1.10
v0.1.100
v0.1.101
v0.1.102
v0.1.103
v0.1.104
v0.1.11
v0.1.12
v0.1.13
v0.1.14
v0.1.15
v0.1.16
v0.1.17
v0.1.18
v0.1.19
v0.1.2
v0.1.20
v0.1.21
v0.1.22
v0.1.23
v0.1.24
v0.1.25
v0.1.26
v0.1.27
v0.1.28
v0.1.29
v0.1.3
v0.1.30
v0.1.31
v0.1.32
v0.1.33
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v0.1.92
v0.1.93
v0.1.94
v0.1.95
v0.1.96
v0.1.97
v0.1.98
v0.1.99
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.4.0
v0.5.0
v0.5.1
v0.5.10
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.5-rc1
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.7.0
v0.7.2
v0.7.3
v1.*
v1.0.1
v1.0.1-release
v1.0.2
v1.0.2-release
v1.0.3
v1.0.4
v1.1.0
v1.2.0
v1.2.3.4
v1.2.3.5
v1.2.3.6
v1.2.3.7
v1.2.3.8
v1.2.3.9
v1.2.4
v1.2.4-pre1
v1.2.4-pre2
v1.2.4.1
v1.2.4.2
v1.2.4.3
v1.2.4.4
v1.2.4.5
v1.2.5
v1.2.5.1
v1.2.5.2
v1.2.5.3
v1.2.6
v1.2.6.1
v1.2.7
v1.2.7.1
v1.2.7.2
v1.2.7.3
v1.2.8
v1.3.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.7.0
v1.7.1
v10.*
v10.0.0
v10.1.0
v10.10.0
v10.11.0
v10.12.0
v10.2.0
v10.2.1
v10.3.0
v10.4.0
v10.4.1
v10.5.0
v10.6.0
v10.7.0
v10.8.0
v10.9.0
v13.*
v13.0.0
v13.0.1
v13.1.0
v13.2.0
v2.*
v2.0.0
v2.0.1
v2.0.2
v2.1.0
v2.2.0
v2.2.1
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.4.0
v2.5.0
v3.*
v3.0.0
v4.*
v4.2.0
v4.2.1
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.3.0
v4.3.1
v4.3.2
v4.4.0
v4.4.1
v4.4.2
v4.4.3
v4.4.4
v4.4.5
v4.4.6
v4.4.7
v4.5.0
v4.6.0
v4.6.1
v4.6.2
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.8.0
v4.8.1
v5.*
v5.0.0
v5.1.0
v5.1.1
v5.2.0
v5.3.0
v5.4.0
v5.4.1
v5.5.0
v5.6.0
v5.7.0
v5.7.1
v5.8.0
v6.*
v6.0.0
v6.1.0
v6.10.0
v6.10.1
v6.2.0
v6.2.1
v6.2.2
v6.3.0
v6.3.1
v6.4.0
v6.5.0
v6.6.0
v6.7.0
v6.8.0
v6.8.1
v6.9.0
v6.9.1
v6.9.2
v6.9.3
v6.9.4
v6.9.5
v7.*
v7.0.0
v7.1.0
v7.2.0
v7.2.1
v7.3.0
v7.4.0
v7.5.0
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "42.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "42.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18c"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.0-update161"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.0-update151"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.0-update144"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.6.0-update161"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.7.0-update151"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.0-update144"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4"
}
]
}
]
vanir_signatures_modified
"2026-04-11T03:57:08Z"
vanir_signatures
[
{
"deprecated": false,
"target": {
"file": "inflate.c"
},
"id": "CVE-2016-9842-3b57fccc",
"signature_type": "Line",
"source": "https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958",
"signature_version": "v1",
"digest": {
"line_hashes": [
"197951099598945818012665496059597381937",
"218058564149337140627069730938953305528",
"35461147203123204953544851692249115489",
"21791617784595784373422247518836318906",
"72931159308314729243247753659745241410",
"146904977187427878309415323339916421278"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"target": {
"file": "contrib/infback9/inftree9.c"
},
"id": "CVE-2016-9842-414fe37a",
"signature_type": "Line",
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"signature_version": "v1",
"digest": {
"line_hashes": [
"16120810892851687554789220157819832702",
"131827276427891043182256510196340875300",
"189513208101419307945534658579998871654",
"212147175082612510136412243030409560140",
"299085759267730258754641938507926344080",
"138959356155413799645705262600700520329",
"29752084737358720135606731688432604107",
"166620327939650871483308933286046278470"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"target": {
"file": "inftrees.c"
},
"id": "CVE-2016-9842-7d837108",
"signature_type": "Line",
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"signature_version": "v1",
"digest": {
"line_hashes": [
"33289512042373412906093149139436580830",
"91426820839317131268716791780186008144",
"194818944693421866592958753112657371532",
"159668138545083466055711927804961193023",
"255066741664144691720111386013603848817",
"234232056215069776200927132383547217084",
"295366361648995060731826038642910043574",
"194364176202057146808626712171096427014"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"target": {
"file": "zconf.h"
},
"id": "CVE-2016-9842-877aa23a",
"signature_type": "Line",
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"signature_version": "v1",
"digest": {
"line_hashes": [
"173123370633123651154244949134281019542",
"102273106005205754638040113472517884264",
"235429814244466703824677965529538273675",
"208303993750882978934021550073336842459",
"97615609550968706431926448181519994863",
"339118080829838946074693924107468946553",
"80218173194119430334455345176075092856",
"221115080022463896686917755184628890434",
"220779142876063203106760351651649795828",
"79972837918061490055760410628729165483",
"29640572416293066614062894907893542972",
"320836455951002542724053434768351830366",
"278439570502606989562359642144711240921",
"74969605840670941905966442808748242415",
"136349982313411503433050181948921111059",
"84828482625013498067679033752823325859",
"218156909012989000717970859258362570251",
"156120690550699675574548547437792604157",
"174169894385923384555886757688589868129",
"113887265610536653913694580851125688715",
"322944331613534704823013669100696288875",
"25052244974639821325585794070234606822",
"38325901798038084643343130133098808807",
"158002972493212489475769473812998149461",
"292758423975469462340735089873782351214",
"197319885884091558389402997168622303229",
"273529858872929722013164257392580258347",
"2188558013403878625577241987667171928",
"227718873515223558132286010362181398299",
"337146253929636158546926301773569599342",
"276954032770302743552966193594550874576",
"326215511158024088703961555581128655326",
"243619819439693214143230160079414937501",
"232483367442315974246589415647223061426",
"260395415480728946097742438941645713965",
"292290712618831869667048484348647386677",
"191647618147979755276168823006196468103",
"219013074033810971796049774630081821884",
"205564429641538400226903564968255480612",
"294498949750680192840586029840089044143",
"183398131489758762038008857864289906980",
"69378252258223222776676769656103498778",
"150063933148831471523654235222726000523",
"160919057829188140111342717977171904200",
"113985210579133651988131412870508958926",
"236797731968003545657916862894293146441"
],
"threshold": 0.9
}
},
{
"deprecated": false,
"target": {
"file": "deflate.c"
},
"id": "CVE-2016-9842-ebd0da57",
"signature_type": "Line",
"source": "https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71",
"signature_version": "v1",
"digest": {
"line_hashes": [
"241551680136109100503375360648810826978",
"68187369923040033918172656615963607133",
"297761764425146664349507739115654243055"
],
"threshold": 0.9
}
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9842.json"