CVE-2026-27820

EUVD-2026-23278

16.04.2026, 18:16

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Affected Products (NVD)

Vendor	Product	Version
ruby-lang	zlib	𝑥 < 3.0.1
ruby-lang	zlib	3.1.0 ≤ 𝑥 < 3.1.2
ruby-lang	zlib	3.2.0 ≤ 𝑥 < 3.2.3

𝑥

= Vulnerable software versions

openSUSE / SLES Releases

openSUSE Product

Release

libruby2_5-2_5

suse enterprise desktop 15 SP7	2.5.9-150700.24.6.1 fixed
suse enterprise sap 15 SP7	2.5.9-150700.24.6.1 fixed
suse enterprise server 15 SP7	2.5.9-150700.24.6.1 fixed

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w

https://hackerone.com/reports/3467067