CVE-2026-27171

EUVD-2026-8063
zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.9 LOW
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 10%
Affected Products (NVD)
VendorProductVersion
zlibzlib
1.2.12 ≤
𝑥
< 1.3.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zlib
bookworm
no-dsa
bullseye
postponed
bullseye (security)
vulnerable
forky
1:1.3.dfsg+really1.3.2-3
fixed
sid
1:1.3.dfsg+really1.3.2-3
fixed
trixie
no-dsa
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libminizip1
suse enterprise desktop 15 SP7
1.2.13-150500.4.6.1
fixed
suse enterprise sap 15 SP7
1.2.13-150500.4.6.1
fixed
suse enterprise server 15 SP7
1.2.13-150500.4.6.1
fixed
libz1
suse enterprise desktop 15 SP7
1.2.13-150500.4.6.1
fixed
suse enterprise sap 15 SP7
1.2.13-150500.4.6.1
fixed
suse enterprise server 15 SP7
1.2.13-150500.4.6.1
fixed
libz1-32bit
suse enterprise desktop 15 SP7
1.2.13-150500.4.6.1
fixed
suse enterprise sap 15 SP7
1.2.13-150500.4.6.1
fixed
suse enterprise server 15 SP7
1.2.13-150500.4.6.1
fixed
minizip-devel
suse enterprise desktop 15 SP7
1.2.13-150500.4.6.1
fixed
suse enterprise sap 15 SP7
1.2.13-150500.4.6.1
fixed
suse enterprise server 15 SP7
1.2.13-150500.4.6.1
fixed
zlib-devel
suse enterprise desktop 15 SP7
1.2.13-150500.4.6.1
fixed
suse enterprise sap 15 SP7
1.2.13-150500.4.6.1
fixed
suse enterprise server 15 SP7
1.2.13-150500.4.6.1
fixed
zlib-devel-static
suse enterprise desktop 15 SP7
1.2.13-150500.4.6.1
fixed
suse enterprise sap 15 SP7
1.2.13-150500.4.6.1
fixed
suse enterprise server 15 SP7
1.2.13-150500.4.6.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
nodejs20
Amazon Linux 2023
1:20.20.2-1.amzn2023.0.2
fixed
nodejs20-debuginfo
Amazon Linux 2023
1:20.20.2-1.amzn2023.0.2
fixed
nodejs20-debugsource
Amazon Linux 2023
1:20.20.2-1.amzn2023.0.2
fixed
nodejs20-devel
Amazon Linux 2023
1:20.20.2-1.amzn2023.0.2
fixed
nodejs20-docs
Amazon Linux 2023
1:20.20.2-1.amzn2023.0.2
fixed
nodejs20-full-i18n
Amazon Linux 2023
1:20.20.2-1.amzn2023.0.2
fixed
nodejs20-libs
Amazon Linux 2023
1:20.20.2-1.amzn2023.0.2
fixed
nodejs20-libs-debuginfo
Amazon Linux 2023
1:20.20.2-1.amzn2023.0.2
fixed
nodejs20-npm
Amazon Linux 2023
1:10.8.2-1.20.20.2.1.amzn2023.0.2
fixed
nodejs22
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.2
fixed
nodejs22-debuginfo
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.2
fixed
nodejs22-debugsource
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.2
fixed
nodejs22-devel
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.2
fixed
nodejs22-docs
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.2
fixed
nodejs22-full-i18n
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.2
fixed
nodejs22-libs
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.2
fixed
nodejs22-libs-debuginfo
Amazon Linux 2023
1:22.22.2-1.amzn2023.0.2
fixed
nodejs22-npm
Amazon Linux 2023
1:10.9.7-1.22.22.2.1.amzn2023.0.2
fixed
nodejs24
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-debuginfo
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-debugsource
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-devel
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-docs
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-full-i18n
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-libs
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-libs-debuginfo
Amazon Linux 2023
1:24.15.0-1.amzn2023.0.1
fixed
nodejs24-npm
Amazon Linux 2023
1:11.12.1-1.24.15.0.1.amzn2023.0.1
fixed
v8-11.3-devel
Amazon Linux 2023
3:11.3.244.8-1.20.20.2.1.amzn2023.0.2
fixed
v8-12.4-devel
Amazon Linux 2023
3:12.4.254.21-1.22.22.2.1.amzn2023.0.2
fixed
v8-13.6-devel
Amazon Linux 2023
3:13.6.233.17-1.24.15.0.1.amzn2023.0.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
rust
CBL-Mariner 2.0
0:1.72.0-15.cm2
fixed
zlib
Azure Linux 3.0
0:1.3.2-1.azl3
fixed