Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-sfzh-hn56-hbak
Summary
Buffer overflow vulnerability in Zlib::GzipReader
A buffer overflow vulnerability exists in Zlib::GzipReader.
This vulnerability has been assigned the CVE identifier
CVE-2026-27820. We recommend upgrading the zlib gem.

## Details

The zstream_buffer_ungets function prepends caller-provided bytes
ahead of previously produced output but fails to guarantee the
backing Ruby string has enough capacity before the memmove shifts
the existing data. This can lead to memory corruption when the
buffer length exceeds capacity.

## Recommended action

We recommend updating the zlib gem to version 3.2.3 or later.
To ensure compatibility with the bundled version in older
Ruby series, you may update as follows instead:

* For Ruby 3.2 users: Update to zlib 3.0.1
* For Ruby 3.3 users: Update to zlib 3.1.2
* You can use `gem update zlib` to update it. If you are using
   bundler, please add `gem "zlib", ">= 3.2.3"` to your Gemfile.

## Affected versions:

zlib gem 3.2.2 or lower

## Credits

Thanks to calysteon for reporting this issue. Also thanks to
nobu for creating the patch.
Aliases
0
alias CVE-2026-27820
1
alias GHSA-g857-hhfv-j68w
Fixed_packages
0
url pkg:apk/alpine/ruby@3.4.9-r0?arch=aarch64&distroversion=edge&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=aarch64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=aarch64&distroversion=edge&reponame=main
1
url pkg:apk/alpine/ruby@3.4.9-r0?arch=armhf&distroversion=edge&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=armhf&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=armhf&distroversion=edge&reponame=main
2
url pkg:apk/alpine/ruby@3.4.9-r0?arch=armv7&distroversion=edge&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=armv7&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=armv7&distroversion=edge&reponame=main
3
url pkg:apk/alpine/ruby@3.4.9-r0?arch=loongarch64&distroversion=edge&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=loongarch64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=loongarch64&distroversion=edge&reponame=main
4
url pkg:apk/alpine/ruby@3.4.9-r0?arch=ppc64le&distroversion=edge&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=ppc64le&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=ppc64le&distroversion=edge&reponame=main
5
url pkg:apk/alpine/ruby@3.4.9-r0?arch=riscv64&distroversion=edge&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=riscv64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=riscv64&distroversion=edge&reponame=main
6
url pkg:apk/alpine/ruby@3.4.9-r0?arch=s390x&distroversion=edge&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=s390x&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=s390x&distroversion=edge&reponame=main
7
url pkg:apk/alpine/ruby@3.4.9-r0?arch=x86&distroversion=edge&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=x86&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=x86&distroversion=edge&reponame=main
8
url pkg:apk/alpine/ruby@3.4.9-r0?arch=x86_64&distroversion=edge&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=x86_64&distroversion=edge&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=x86_64&distroversion=edge&reponame=main
9
url pkg:apk/alpine/ruby@3.4.9-r0?arch=armhf&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=armhf&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=armhf&distroversion=v3.23&reponame=main
10
url pkg:apk/alpine/ruby@3.4.9-r0?arch=armv7&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=armv7&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=armv7&distroversion=v3.23&reponame=main
11
url pkg:apk/alpine/ruby@3.4.9-r0?arch=loongarch64&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=loongarch64&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=loongarch64&distroversion=v3.23&reponame=main
12
url pkg:apk/alpine/ruby@3.4.9-r0?arch=riscv64&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=riscv64&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=riscv64&distroversion=v3.23&reponame=main
13
url pkg:apk/alpine/ruby@3.4.9-r0?arch=s390x&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=s390x&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=s390x&distroversion=v3.23&reponame=main
14
url pkg:apk/alpine/ruby@3.4.9-r0?arch=ppc64le&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=ppc64le&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=ppc64le&distroversion=v3.23&reponame=main
15
url pkg:apk/alpine/ruby@3.4.9-r0?arch=x86&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=x86&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=x86&distroversion=v3.23&reponame=main
16
url pkg:apk/alpine/ruby@3.4.9-r0?arch=aarch64&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=aarch64&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=aarch64&distroversion=v3.23&reponame=main
17
url pkg:apk/alpine/ruby@3.4.9-r0?arch=x86_64&distroversion=v3.23&reponame=main
purl pkg:apk/alpine/ruby@3.4.9-r0?arch=x86_64&distroversion=v3.23&reponame=main
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ruby@3.4.9-r0%3Farch=x86_64&distroversion=v3.23&reponame=main
18
url pkg:gem/zlib@3.0.1
purl pkg:gem/zlib@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.0.1
19
url pkg:gem/zlib@3.1.2
purl pkg:gem/zlib@3.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.1.2
20
url pkg:gem/zlib@3.2.3
purl pkg:gem/zlib@3.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.2.3
Affected_packages
0
url pkg:gem/zlib@0.0.1
purl pkg:gem/zlib@0.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@0.0.1
1
url pkg:gem/zlib@0.1.0
purl pkg:gem/zlib@0.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@0.1.0
2
url pkg:gem/zlib@1.0.0
purl pkg:gem/zlib@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@1.0.0
3
url pkg:gem/zlib@1.1.0
purl pkg:gem/zlib@1.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@1.1.0
4
url pkg:gem/zlib@2.0.0
purl pkg:gem/zlib@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@2.0.0
5
url pkg:gem/zlib@2.1.0
purl pkg:gem/zlib@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@2.1.0
6
url pkg:gem/zlib@2.1.1
purl pkg:gem/zlib@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@2.1.1
7
url pkg:gem/zlib@3.0.0
purl pkg:gem/zlib@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.0.0
8
url pkg:gem/zlib@3.1
purl pkg:gem/zlib@3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.1
9
url pkg:gem/zlib@3.1.0
purl pkg:gem/zlib@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.1.0
10
url pkg:gem/zlib@3.1.1
purl pkg:gem/zlib@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.1.1
11
url pkg:gem/zlib@3.2
purl pkg:gem/zlib@3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.2
12
url pkg:gem/zlib@3.2.0
purl pkg:gem/zlib@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.2.0
13
url pkg:gem/zlib@3.2.1
purl pkg:gem/zlib@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.2.1
14
url pkg:gem/zlib@3.2.2
purl pkg:gem/zlib@3.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-sfzh-hn56-hbak
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/zlib@3.2.2
15
url pkg:rpm/redhat/ruby3-3-main@3.3.10-23.1?arch=hum1
purl pkg:rpm/redhat/ruby3-3-main@3.3.10-23.1?arch=hum1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4qm3-nbsk-73he
1
vulnerability VCID-4yvc-uzev-wua4
2
vulnerability VCID-5xez-skrj-b3h4
3
vulnerability VCID-91b7-xx8t-rqhr
4
vulnerability VCID-a15m-bcma-vfa7
5
vulnerability VCID-arjz-geyr-q7e3
6
vulnerability VCID-ea13-mua4-1fb9
7
vulnerability VCID-fw7k-88kf-1kgg
8
vulnerability VCID-g7ju-q41v-wyhd
9
vulnerability VCID-jj3a-fpsa-a7at
10
vulnerability VCID-pegr-f5mh-ekdz
11
vulnerability VCID-qyz5-zmnt-qucy
12
vulnerability VCID-rwak-wvuw-qbcg
13
vulnerability VCID-sf98-mryd-yfb3
14
vulnerability VCID-sfzh-hn56-hbak
15
vulnerability VCID-t9y5-hd9b-bkc4
16
vulnerability VCID-wzdf-d9fv-u3hh
17
vulnerability VCID-x126-x9qm-e7d3
18
vulnerability VCID-xkd6-jvma-skfk
19
vulnerability VCID-y56y-5am7-wkhr
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby3-3-main@3.3.10-23.1%3Farch=hum1
16
url pkg:rpm/redhat/ruby3-4-main@3.4.8-31.1?arch=hum1
purl pkg:rpm/redhat/ruby3-4-main@3.4.8-31.1?arch=hum1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4qm3-nbsk-73he
1
vulnerability VCID-4yvc-uzev-wua4
2
vulnerability VCID-5xez-skrj-b3h4
3
vulnerability VCID-91b7-xx8t-rqhr
4
vulnerability VCID-a15m-bcma-vfa7
5
vulnerability VCID-arjz-geyr-q7e3
6
vulnerability VCID-ea13-mua4-1fb9
7
vulnerability VCID-fw7k-88kf-1kgg
8
vulnerability VCID-g7ju-q41v-wyhd
9
vulnerability VCID-jj3a-fpsa-a7at
10
vulnerability VCID-pegr-f5mh-ekdz
11
vulnerability VCID-qyz5-zmnt-qucy
12
vulnerability VCID-rwak-wvuw-qbcg
13
vulnerability VCID-sf98-mryd-yfb3
14
vulnerability VCID-sfzh-hn56-hbak
15
vulnerability VCID-t9y5-hd9b-bkc4
16
vulnerability VCID-wzdf-d9fv-u3hh
17
vulnerability VCID-x126-x9qm-e7d3
18
vulnerability VCID-xkd6-jvma-skfk
19
vulnerability VCID-y56y-5am7-wkhr
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby3-4-main@3.4.8-31.1%3Farch=hum1
17
url pkg:rpm/redhat/ruby4-0-main@4.0.0-33.3?arch=hum1
purl pkg:rpm/redhat/ruby4-0-main@4.0.0-33.3?arch=hum1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4qm3-nbsk-73he
1
vulnerability VCID-4yvc-uzev-wua4
2
vulnerability VCID-5xez-skrj-b3h4
3
vulnerability VCID-91b7-xx8t-rqhr
4
vulnerability VCID-a15m-bcma-vfa7
5
vulnerability VCID-arjz-geyr-q7e3
6
vulnerability VCID-ea13-mua4-1fb9
7
vulnerability VCID-fw7k-88kf-1kgg
8
vulnerability VCID-g7ju-q41v-wyhd
9
vulnerability VCID-jj3a-fpsa-a7at
10
vulnerability VCID-pegr-f5mh-ekdz
11
vulnerability VCID-qyz5-zmnt-qucy
12
vulnerability VCID-rwak-wvuw-qbcg
13
vulnerability VCID-sf98-mryd-yfb3
14
vulnerability VCID-sfzh-hn56-hbak
15
vulnerability VCID-t9y5-hd9b-bkc4
16
vulnerability VCID-wzdf-d9fv-u3hh
17
vulnerability VCID-x126-x9qm-e7d3
18
vulnerability VCID-xkd6-jvma-skfk
19
vulnerability VCID-y56y-5am7-wkhr
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby4-0-main@4.0.0-33.3%3Farch=hum1
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27820.json
reference_id
reference_type
scores
0
value 5.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27820.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27820
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02466
published_at 2026-04-21T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12746
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27820
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27820
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27820
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/zlib/CVE-2026-27820.yml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/zlib/CVE-2026-27820.yml
5
reference_url https://github.com/ruby/zlib
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/ruby/zlib
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27820
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27820
7
reference_url https://www.ruby-lang.org/en/news/2026/03/05/buffer-overflow-zlib-cve-2026-27820
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.ruby-lang.org/en/news/2026/03/05/buffer-overflow-zlib-cve-2026-27820
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134341
reference_id 1134341
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134341
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2459002
reference_id 2459002
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2459002
10
reference_url https://hackerone.com/reports/3467067
reference_id 3467067
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T18:20:13Z/
url https://hackerone.com/reports/3467067
11
reference_url https://github.com/advisories/GHSA-g857-hhfv-j68w
reference_id GHSA-g857-hhfv-j68w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g857-hhfv-j68w
12
reference_url https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w
reference_id GHSA-g857-hhfv-j68w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value 5.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T18:20:13Z/
url https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w
13
reference_url https://access.redhat.com/errata/RHSA-2026:7305
reference_id RHSA-2026:7305
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7305
14
reference_url https://access.redhat.com/errata/RHSA-2026:7307
reference_id RHSA-2026:7307
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:7307
15
reference_url https://access.redhat.com/errata/RHSA-2026:8838
reference_id RHSA-2026:8838
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8838
Weaknesses
0
cwe_id 120
name Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
description The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
1
cwe_id 131
name Incorrect Calculation of Buffer Size
description The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
Exploits
Severity_range_score 1.7 - 8.8
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sfzh-hn56-hbak