CVE-2026-27171

Опубликовано: 18 фев. 2026

Источник: debian

EPSS Низкий

Описание

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

Пакеты

Пакет	Статус	Релиз	Тип
zlib	unfixed		package
zlib	no-dsa	trixie	package
zlib	no-dsa	bookworm	package
zlib	postponed	bullseye	package

Примечания

https://github.com/madler/zlib/issues/904
Fixed by: https://github.com/madler/zlib/commit/ba829a458576d1ff0f26fc7230c6de816d1f6a77 (v1.3.2)

EPSS

Процентиль: 1%

0.00007

Низкий

Связанные уязвимости

CVE-2026-27171

CVSS3: 2.9

ubuntu

около 1 месяца назад

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

CVE-2026-27171

CVSS3: 2.9

redhat

около 1 месяца назад

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

CVE-2026-27171

CVSS3: 2.9

nvd

около 1 месяца назад

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

CVE-2026-27171

CVSS3: 2.9

msrc

около 1 месяца назад

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

SUSE-SU-2026:0783-1

suse-cvrf

23 дня назад

Security update for zlib

EPSS

Процентиль: 1%

0.00007

Низкий