8.6

CVE-2026-22184

Medienbericht
Exploit

zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname()

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZlibZlib Version <= 1.3.1.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.35% 0.268
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com 4.6 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 8.6 3.9 4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
08.01.2026 09:23
https://seclists.org/fulldisclosure/2026/Jan/3
Third Party Advisory
Mailing List
https://zlib.net/
Product
https://github.com/madler/zlib
Product
https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname
Third Party Advisory
https://github.com/madler/zlib/issues/1142
Issue Tracking
https://access.redhat.com/security/cve/CVE-2026-22184
https://bugzilla.redhat.com/show_bug.cgi?id=2427688
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22184.json