exploitDog

CVE-2026-27171

Published: 18 Feb 2026
Source: redhat
CVSS3: 2.9
EPSS: Low

Description

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

A flaw was found in zlib. An attacker providing specially crafted input to the crc32_combine64 or crc32_combine_gen64 functions could trigger an infinite loop within the x2nmodp function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch6-rhel9 | Out of support scope | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-operator-bundle | Out of support scope | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-proxy-rhel9 | Out of support scope | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel9-operator | Out of support scope | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Out of support scope | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-curator5-rhel9 | Out of support scope | | |
| Red Hat build of OpenJDK 11 ELS | java-11-openjdk | Out of support scope | | |
| Red Hat build of OpenJDK 11 ELS | java-11-openjdk-portable | Out of support scope | | |
| Red Hat build of OpenJDK 17 | java-17-openjdk-portable | Fix deferred | | |
| Red Hat build of OpenJDK 1.8 | java-1.8.0-openjdk-portable | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=2440530 zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

EPSS

Percentile: 1%
0.00007
Low

CVSS3: 2.9 Low

Related vulnerabilities

CVSS3: 2.9
ubuntu
about 1 month ago

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

CVSS3: 2.9
nvd
about 1 month ago

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

CVSS3: 2.9
msrc
about 1 month ago

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

CVSS3: 2.9
debian
about 1 month ago

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32 ...

suse-cvrf
23 days ago

Security update for zlib
