2440530 – (CVE-2026-27171) CVE-2026-27171 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

Bug 2440530 (CVE-2026-27171) - CVE-2026-27171 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

Summary: CVE-2026-27171 zlib: zlib: Denial of Service via infinite loop in CRC32 combi...

Keywords:
Status:	NEW
Alias:	CVE-2026-27171
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-18 04:01 UTC by OSIDB Bzimport
Modified:	2026-02-18 10:50 UTC (History)
CC List:	32 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-18 04:01:09 UTC

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

Note You need to log in before you can comment on or make changes to this bug.

adudiak
ahughes
caswilli
csutherl
dfreiber
drow
fferrari
fitzsim
gotiwari
jburrell
jcantril
jclere
jgrulich
jhorak
jvasik
kaycoth
khosford
kshier
mvyas
neugens
pjindal
plodge
rblanco
rojacob
stcannon
szappis
teagle
tpopela
vchlup
vkumar
vmugicag
yguenane