Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/zlib@1.0.0
Typegem
Namespace
Namezlib
Version1.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.0.1
Latest_non_vulnerable_version3.2.3
Affected_by_vulnerabilities
0
url VCID-sfzh-hn56-hbak
vulnerability_id VCID-sfzh-hn56-hbak
summary 
Buffer overflow vulnerability in Zlib::GzipReader
A buffer overflow vulnerability exists in Zlib::GzipReader.
This vulnerability has been assigned the CVE identifier
CVE-2026-27820. We recommend upgrading the zlib gem.

## Details

The zstream_buffer_ungets function prepends caller-provided bytes
ahead of previously produced output but fails to guarantee the
backing Ruby string has enough capacity before the memmove shifts
the existing data. This can lead to memory corruption when the
buffer length exceeds capacity.

## Recommended action

We recommend to update the zlib gem to version 3.2.3 or later.
In order to ensure compatibility with bundled version in older
Ruby series, you may update as follows instead:

* For Ruby 3.2 users: Update to zlib 3.0.1
* For Ruby 3.3 users: Update to zlib 3.1.2
* You can use gem update zlib to update it. If you are using
   bundler, please add gem "zlib", ">= 3.2.3" to your Gemfile.

## Affected versions:

zlib gem 3.2.2 or lower

## Credits

Thanks to calysteon for reporting this issue. Also thanks to
nobu for creating the patch.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27820.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27820.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27820
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02466
published_at 2026-04-21T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12746
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27820
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27820
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27820
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/zlib/CVE-2026-27820.yml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/zlib/CVE-2026-27820.yml
5
reference_url https://github.com/ruby/zlib
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/zlib
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27820
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27820
7
reference_url https://www.ruby-lang.org/en/news/2026/03/05/buffer-overflow-zlib-cve-2026-27820
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ruby-lang.org/en/news/2026/03/05/buffer-overflow-zlib-cve-2026-27820
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134341
reference_id 1134341
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134341
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2459002
reference_id 2459002
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2459002
10
reference_url https://hackerone.com/reports/3467067
reference_id 3467067
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T18:20:13Z/
url https://hackerone.com/reports/3467067
11
reference_url https://github.com/advisories/GHSA-g857-hhfv-j68w
reference_id GHSA-g857-hhfv-j68w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g857-hhfv-j68w
12
reference_url https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w
reference_id GHSA-g857-hhfv-j68w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T18:20:13Z/
url https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w
13
reference_url https://access.redhat.com/errata/RHSA-2026:7305
reference_id RHSA-2026:7305
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7305
14
reference_url https://access.redhat.com/errata/RHSA-2026:7307
reference_id RHSA-2026:7307
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7307
15
reference_url https://access.redhat.com/errata/RHSA-2026:8838
reference_id RHSA-2026:8838
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8838
fixed_packages
0
url pkg:gem/zlib@3.0.1
purl pkg:gem/zlib@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.0.1
1
url pkg:gem/zlib@3.1.2
purl pkg:gem/zlib@3.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.1.2
2
url pkg:gem/zlib@3.2.3
purl pkg:gem/zlib@3.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.2.3
aliases CVE-2026-27820, GHSA-g857-hhfv-j68w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sfzh-hn56-hbak
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/zlib@1.0.0