Количество 7
Количество 7
GHSA-7687-3v4j-49fr
zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation.
CVE-2026-22184
zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
CVE-2026-22184
zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
CVE-2026-22184
zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
CVE-2026-22184
zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname()
CVE-2026-22184
zlib versions up to and including 1.3.1.2 include a global buffer over ...
BDU:2026-00376
Уязвимость функции TGZfname() утилиты untgz библиотеки сжатия zlib, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-7687-3v4j-49fr zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation. | CVSS3: 9.8 | 0% Низкий | 3 месяца назад |
 | CVE-2026-22184 zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer. | CVSS3: 9.8 | 0% Низкий | 3 месяца назад |
 | CVE-2026-22184 zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer. | CVSS3: 8.6 | 0% Низкий | 3 месяца назад |
 | CVE-2026-22184 zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer. | CVSS3: 9.8 | 0% Низкий | 3 месяца назад |
 | CVE-2026-22184 zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname() | 0% Низкий | 3 месяца назад | |
| CVE-2026-22184 zlib versions up to and including 1.3.1.2 include a global buffer over ... | CVSS3: 9.8 | 0% Низкий | 3 месяца назад |
 | BDU:2026-00376 Уязвимость функции TGZfname() утилиты untgz библиотеки сжатия zlib, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании | CVSS3: 9.8 | 0% Низкий | 3 месяца назад |
Уязвимостей на страницу