8.6
CVE-2026-22184
- EPSS 0.35%
- Veröffentlicht 07.01.2026 20:25:19
- Zuletzt bearbeitet 30.06.2026 03:17:26
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname()
zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.268 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 4.6 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 8.6 | 3.9 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://seclists.org/fulldisclosure/2026/Jan/3
https://zlib.net/
https://github.com/madler/zlib
https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname
https://github.com/madler/zlib/issues/1142
https://access.redhat.com/security/cve/CVE-2026-22184
https://bugzilla.redhat.com/show_bug.cgi?id=2427688
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22184.json