{"id":"CVE-2016-9842","details":"The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.","aliases":["PSF-2017-4"],"modified":"2026-04-16T04:39:15.189852497Z","published":"2017-05-23T04:29:01.837Z","related":["CGA-mhp8-72hg-36jv","SUSE-SU-2016:3209-1","SUSE-SU-2017:0003-1","SUSE-SU-2017:0004-1","SUSE-SU-2017:1384-1","SUSE-SU-2017:1385-1","SUSE-SU-2017:1386-1","SUSE-SU-2017:1387-1","SUSE-SU-2017:1389-1","SUSE-SU-2017:1444-1","SUSE-SU-2017:2699-1","SUSE-SU-2017:2700-1","SUSE-SU-2017:2989-1","SUSE-SU-2018:0005-1","SUSE-SU-2018:1815-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2999"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-56"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202007-54"},{"type":"ADVISORY","url":"https://support.apple.com/HT208112"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4246-1/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3047"},{"type":"ADVISORY","url":"https://support.apple.com/HT208115"},{"type":"ADVISORY","url":"https://support.apple.com/HT208144"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"},{"type":"ADVISORY","url":"https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3453"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4292-1/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1220"},{"type":"ADVISORY","url":"https://support.apple.com/HT208113"},{"type":"ADVISORY","url":"https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039427"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1221"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:1222"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/95131"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:3046"},{"type":"FIX","url":"https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1402348"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/12/05/21"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/madler/zlib","events":[{"introduced":"f6194ef39af5864f792412460c354cc339dde7d1"},{"fixed":"2fa463bacfff79181df1a5270fb67cc679a53e71"},{"fixed":"e54e1299404101a5a9d0cf5e45512b543967f958"}],"database_specific":{"versions":[{"introduced":"1.2.3.4"},{"fixed":"1.2.9"}]}},{"type":"GIT","repo":"https://github.com/mysql/mysql-server","events":[{"introduced":"0"},{"last_affected":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"introduced":"54df0057e18d8c82c23fbd4e0bf5b5dc2e762955"},{"last_affected":"e48d775c6f066add457fa8cfb2ebc4d5ff0c7613"},{"introduced":"0"},{"last_affected":"06bc670db0c0e45b3ea11409382a5c315961f682"},{"introduced":"0"},{"last_affected":"913071c0b16cc03e703308250d795bc381627e37"},{"introduced":"270fd3411e3d671a73ed9725940a30080f59ce6d"},{"last_affected":"b93c1661d689c8b7decc7563ba15f6ed140a4eb6"},{"introduced":"0"},{"last_affected":"ae41ce7c4ecff5e1e336ab768867370b8c94e02d"},{"introduced":"0"},{"last_affected":"c942a7ecd2a6b10af9177d7201aeabe9e0af8388"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.0"},{"introduced":"5.5.0"},{"last_affected":"5.5.61"},{"introduced":"5.6.0"},{"last_affected":"5.6.41"},{"introduced":"5.7.0"},{"last_affected":"5.7.23"},{"introduced":"8.0.0"},{"last_affected":"8.0.12"},{"introduced":"0"},{"last_affected":"7.5"},{"introduced":"4.0.0"},{"last_affected":"4.1.2"}]}},{"type":"GIT","repo":"https://github.com/nodejs/node","events":[{"introduced":"0"},{"last_affected":"8eda60c8234177a7d41aac0828fab30c08970cd8"},{"introduced":"0"},{"last_affected":"fc13773aab9ca573ddd24ccaf91aeb3070837cbc"},{"introduced":"0"},{"last_affected":"ce3e3c5fe15479475c068482c48eb9cbf1ac9df5"},{"introduced":"0"},{"last_affected":"362fe010fe8f6feb0030e1e02c689b501e11ddb7"},{"introduced":"0"},{"last_affected":"4760abcdd95070e06257b5408c2f72dcc787cfa9"},{"introduced":"0"},{"last_affected":"ce3e3c5fe15479475c068482c48eb9cbf1ac9df5"},{"introduced":"0"},{"last_affected":"362fe010fe8f6feb0030e1e02c689b501e11ddb7"},{"introduced":"0"},{"last_affected":"ce3e3c5fe15479475c068482c48eb9cbf1ac9df5"},{"introduced":"0"},{"last_affected":"362fe010fe8f6feb0030e1e02c689b501e11ddb7"},{"introduced":"cf41627411886000429bde058a6594fb7f6d6d47"},{"fixed":"ab4af087e83d91a46354d765306d3543b1d85423"},{"introduced":"0"},{"fixed":"cea049bcf8bb0f9a6e0095dbd5dffdb14dc8f71b"},{"introduced":"6dc12b1042d5d4727f77e8a1c5758dab91400069"},{"fixed":"ea2ceac846abb279fd4d141bfe32fc4f7a6e30e0"},{"introduced":"ce3e3c5fe15479475c068482c48eb9cbf1ac9df5"},{"last_affected":"c6a397bce63fc026421e1515b98eec9b8b5a8468"},{"introduced":"6b1c40be84fbe5ea404f25e4e340a0c1fe67a60a"},{"fixed":"fbc9fded2fb4caa104e55146e6fa4fc2c3d11daf"},{"introduced":"362fe010fe8f6feb0030e1e02c689b501e11ddb7"},{"fixed":"bebda6df68c71f233a2ee212b2569ae6e70b48a9"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"13.2"},{"introduced":"0"},{"last_affected":"5.8"},{"introduced":"0"},{"last_affected":"6.0"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"7.4"},{"introduced":"0"},{"last_affected":"6.0"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"6.0"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"10.0.0"},{"fixed":"10.13.0"},{"introduced":"0"},{"fixed":"11.0"},{"introduced":"4.2.0"},{"fixed":"4.8.2"},{"introduced":"6.0.0"},{"last_affected":"6.8.1"},{"introduced":"6.9.0"},{"fixed":"6.10.2"},{"introduced":"7.0.0"},{"fixed":"7.6.0"}]}}],"versions":["mysql-3.23.22-beta","mysql-3.23.28-gamma","mysql-3.23.30-gamma","mysql-3.23.31","mysql-3.23.32","mysql-3.23.33","mysql-3.23.36","mysql-4.0.2","mysql-4.0.4","mysql-4.1.1","mysql-4.1.2","mysql-5.1.4","mysql-5.5.15","mysql-5.5.19","mysql-5.5.23","mysql-5.5.25","mysql-5.5.27","mysql-5.5.44","mysql-5.5.47","mysql-5.5.49","mysql-5.5.59","mysql-5.5.60","mysql-5.5.61","mysql-5.6.40","mysql-5.6.41","mysql-5.7.23","mysql-8.0.0","mysql-8.0.12","mysql-cluster-7.5.0","v0.0.1","v0.0.2","v0.0.3","v0.0.4","v0.0.6","v0.1.0","v0.1.1","v0.1.10","v0.1.100","v0.1.101","v0.1.102","v0.1.103","v0.1.104","v0.1.11","v0.1.12","v0.1.13","v0.1.14","v0.1.15","v0.1.16","v0.1.17","v0.1.18","v0.1.19","v0.1.2","v0.1.20","v0.1.21","v0.1.22","v0.1.23","v0.1.24","v0.1.25","v0.1.26","v0.1.27","v0.1.28","v0.1.29","v0.1.3","v0.1.30","v0.1.31","v0.1.32","v0.1.33","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v0.1.92","v0.1.93","v0.1.94","v0.1.95","v0.1.96","v0.1.97","v0.1.98","v0.1.99","v0.2.0","v0.3.0","v0.3.1","v0.3.2","v0.3.4","v0.3.5","v0.3.6","v0.3.7","v0.3.8","v0.4.0","v0.5.0","v0.5.1","v0.5.10","v0.5.2","v0.5.3","v0.5.4","v0.5.5","v0.5.5-rc1","v0.5.6","v0.5.7","v0.5.8","v0.5.9","v0.6.0","v0.6.1","v0.7.0","v0.7.2","v0.7.3","v1.0.1","v1.0.1-release","v1.0.2","v1.0.2-release","v1.0.3","v1.0.4","v1.1.0","v1.2.0","v1.2.3.4","v1.2.3.5","v1.2.3.6","v1.2.3.7","v1.2.3.8","v1.2.3.9","v1.2.4","v1.2.4-pre1","v1.2.4-pre2","v1.2.4.1","v1.2.4.2","v1.2.4.3","v1.2.4.4","v1.2.4.5","v1.2.5","v1.2.5.1","v1.2.5.2","v1.2.5.3","v1.2.6","v1.2.6.1","v1.2.7","v1.2.7.1","v1.2.7.2","v1.2.7.3","v1.2.8","v1.3.0","v1.4.1","v1.4.2","v1.4.3","v1.5.0","v1.5.1","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.7.0","v1.7.1","v10.0.0","v10.1.0","v10.10.0","v10.11.0","v10.12.0","v10.2.0","v10.2.1","v10.3.0","v10.4.0","v10.4.1","v10.5.0","v10.6.0","v10.7.0","v10.8.0","v10.9.0","v13.0.0","v13.0.1","v13.1.0","v13.2.0","v2.0.0","v2.0.1","v2.0.2","v2.1.0","v2.2.0","v2.2.1","v2.3.0","v2.3.1","v2.3.2","v2.3.3","v2.3.4","v2.4.0","v2.5.0","v3.0.0","v4.2.0","v4.2.1","v4.2.2","v4.2.3","v4.2.4","v4.2.5","v4.2.6","v4.3.0","v4.3.1","v4.3.2","v4.4.0","v4.4.1","v4.4.2","v4.4.3","v4.4.4","v4.4.5","v4.4.6","v4.4.7","v4.5.0","v4.6.0","v4.6.1","v4.6.2","v4.7.0","v4.7.1","v4.7.2","v4.7.3","v4.8.0","v4.8.1","v5.0.0","v5.1.0","v5.1.1","v5.2.0","v5.3.0","v5.4.0","v5.4.1","v5.5.0","v5.6.0","v5.7.0","v5.7.1","v5.8.0","v6.0.0","v6.1.0","v6.10.0","v6.10.1","v6.2.0","v6.2.1","v6.2.2","v6.3.0","v6.3.1","v6.4.0","v6.5.0","v6.6.0","v6.7.0","v6.8.0","v6.8.1","v6.9.0","v6.9.1","v6.9.2","v6.9.3","v6.9.4","v6.9.5","v7.0.0","v7.1.0","v7.2.0","v7.2.1","v7.3.0","v7.4.0","v7.5.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9842.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"42.1"}]},{"events":[{"introduced":"0"},{"last_affected":"42.2"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18c"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.0-update161"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.0-update151"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update144"}]},{"events":[{"introduced":"0"},{"last_affected":"1.6.0-update161"}]},{"events":[{"introduced":"0"},{"last_affected":"1.7.0-update151"}]},{"events":[{"introduced":"0"},{"last_affected":"1.8.0-update144"}]},{"events":[{"introduced":"0"},{"fixed":"11"}]},{"events":[{"introduced":"0"},{"fixed":"4"}]}],"vanir_signatures":[{"id":"CVE-2016-9842-3b57fccc","signature_version":"v1","deprecated":false,"target":{"file":"inflate.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["197951099598945818012665496059597381937","218058564149337140627069730938953305528","35461147203123204953544851692249115489","21791617784595784373422247518836318906","72931159308314729243247753659745241410","146904977187427878309415323339916421278"]},"source":"https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958"},{"deprecated":false,"signature_version":"v1","id":"CVE-2016-9842-414fe37a","target":{"file":"contrib/infback9/inftree9.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["16120810892851687554789220157819832702","131827276427891043182256510196340875300","189513208101419307945534658579998871654","212147175082612510136412243030409560140","299085759267730258754641938507926344080","138959356155413799645705262600700520329","29752084737358720135606731688432604107","166620327939650871483308933286046278470"]},"source":"https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71"},{"deprecated":false,"signature_version":"v1","id":"CVE-2016-9842-7d837108","target":{"file":"inftrees.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["33289512042373412906093149139436580830","91426820839317131268716791780186008144","194818944693421866592958753112657371532","159668138545083466055711927804961193023","255066741664144691720111386013603848817","234232056215069776200927132383547217084","295366361648995060731826038642910043574","194364176202057146808626712171096427014"]},"source":"https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","target":{"file":"zconf.h"},"id":"CVE-2016-9842-877aa23a","digest":{"threshold":0.9,"line_hashes":["173123370633123651154244949134281019542","102273106005205754638040113472517884264","235429814244466703824677965529538273675","208303993750882978934021550073336842459","97615609550968706431926448181519994863","339118080829838946074693924107468946553","80218173194119430334455345176075092856","221115080022463896686917755184628890434","220779142876063203106760351651649795828","79972837918061490055760410628729165483","29640572416293066614062894907893542972","320836455951002542724053434768351830366","278439570502606989562359642144711240921","74969605840670941905966442808748242415","136349982313411503433050181948921111059","84828482625013498067679033752823325859","218156909012989000717970859258362570251","156120690550699675574548547437792604157","174169894385923384555886757688589868129","113887265610536653913694580851125688715","322944331613534704823013669100696288875","25052244974639821325585794070234606822","38325901798038084643343130133098808807","158002972493212489475769473812998149461","292758423975469462340735089873782351214","197319885884091558389402997168622303229","273529858872929722013164257392580258347","2188558013403878625577241987667171928","227718873515223558132286010362181398299","337146253929636158546926301773569599342","276954032770302743552966193594550874576","326215511158024088703961555581128655326","243619819439693214143230160079414937501","232483367442315974246589415647223061426","260395415480728946097742438941645713965","292290712618831869667048484348647386677","191647618147979755276168823006196468103","219013074033810971796049774630081821884","205564429641538400226903564968255480612","294498949750680192840586029840089044143","183398131489758762038008857864289906980","69378252258223222776676769656103498778","150063933148831471523654235222726000523","160919057829188140111342717977171904200","113985210579133651988131412870508958926","236797731968003545657916862894293146441"]},"source":"https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71"},{"deprecated":false,"signature_version":"v1","signature_type":"Line","target":{"file":"deflate.c"},"id":"CVE-2016-9842-ebd0da57","digest":{"threshold":0.9,"line_hashes":["241551680136109100503375360648810826978","68187369923040033918172656615963607133","297761764425146664349507739115654243055"]},"source":"https://github.com/madler/zlib/commit/2fa463bacfff79181df1a5270fb67cc679a53e71"}],"vanir_signatures_modified":"2026-04-11T03:57:08Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}