Bug 2459002 (CVE-2026-27820) - CVE-2026-27820 zlib: zlib: Memory corruption via buffer overflow in Zlib::GzipReader
Summary: CVE-2026-27820 zlib: zlib: Memory corruption via buffer overflow in Zlib::Gzi...
Keywords:
Status: NEW
Alias: CVE-2026-27820
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-04-16 18:01 UTC by OSIDB Bzimport
Modified: 2026-06-05 21:08 UTC (History)
15 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-04-16 18:01:16 UTC
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3.

Comment 2 Marco Benatto 2026-04-16 19:15:09 UTC
Upstream public commit for this issue:
https://github.com/ruby/zlib/commit/608d2be66fcbcb759cbe26c82e95f4381b8dd140


Note You need to log in before you can comment on or make changes to this bug.