CVE-2026-27171

Exploit

EPSS 0.01%
Veröffentlicht 18.02.2026 02:36:19
Zuletzt bearbeitet 25.03.2026 21:27:04
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zlib ≫ Zlib Version >= 1.2.12 < 1.3.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.008

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cve@mitre.org	2.9	1.4	1.4	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://github.com/madler/zlib/issues/904

Exploit

Issue Tracking

https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf

Technical Description

https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/

Product

https://ostif.org/zlib-audit-complete/

Product

https://github.com/madler/zlib/releases/tag/v1.3.2

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2026-27171