CVE-2026-3381
9.8 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
by @mweinelt Activity log
- Created automatic suggestion
- @mweinelt dismissed
Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib
Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings from the 7ASecurity audit of zlib. This includes fixes for CVE-2026-27171.
References
- https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes release-notes
- https://www.zlib.net/
- https://github.com/madler/zlib
- https://github.com/madler/zlib/releases/tag/v1.3.2 release-notes
- https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ technical-description
- https://www.cve.org/CVERecord?id=CVE-2026-27171 vendor-advisory vdb-entry related
Affected products
Compress-Raw-Zlib
- =<2.219
Matching in nixpkgs
pkgs.perlPackages.CompressRawZlib
Low-Level Interface to zlib or zlib-ng compression library
pkgs.perl5Packages.CompressRawZlib
Low-Level Interface to zlib or zlib-ng compression library
pkgs.perl538Packages.CompressRawZlib
Low-Level Interface to zlib or zlib-ng compression library
pkgs.perl540Packages.CompressRawZlib
Low-Level Interface to zlib or zlib-ng compression library