Bug 2459002 (CVE-2026-27820)
| Summary: | CVE-2026-27820 zlib: zlib: Memory corruption via buffer overflow in Zlib::GzipReader | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | csutherl, eshamard, jclere, jkoehler, jvasik, kaycoth, lphiri, pjindal, plodge, rblanco, rhel-process-autobot, sdawley, szappis, vchlup, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in zlib, a Ruby interface for the zlib compression/decompression library. The Zlib::GzipReader component contains a buffer overflow vulnerability. This occurs because the zstream_buffer_ungets function does not ensure sufficient memory capacity before moving existing data, which can lead to memory corruption. An attacker could potentially exploit this to cause unexpected behavior or system instability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-04-16 18:01:16 UTC
Upstream public commit for this issue: https://github.com/ruby/zlib/commit/608d2be66fcbcb759cbe26c82e95f4381b8dd140 |