CVE-2026-22184

Severity: high (Red Hat)
CVSS v3 Base Score: 8.6
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Published: January 7, 2026
Last Modified: January 7, 2026
Vendor: Red Hat

Description

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
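
The bounds check that this class of flaw lacks, shown as an added example (not code from zlib or from this advisory): an archive name taken from the command line is copied into a fixed-size global buffer only after its length, plus any appended suffix, is verified to fit. The buffer size, the suffix list and the names build_candidate and g_arcname are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ARCNAME_MAX 1024              /* assumed size of the fixed global buffer */

/* Hypothetical suffixes a tool might append when probing for the archive. */
static const char *const SUFFIXES[] = { "", ".tar", ".tar.gz", ".taz", ".tgz", NULL };

static char g_arcname[ARCNAME_MAX];   /* fixed-size global, as in the description */

/* Build candidate number `index` (name + suffix) in the global buffer.
 * Returns 0 on success, -1 if the index is invalid or the result would not fit.
 * The unchecked pattern this replaces is a plain strcpy() of the name into the
 * global buffer, which writes out of bounds when the name is too long. */
int build_candidate(const char *name, size_t index)
{
    size_t n_suffixes = sizeof SUFFIXES / sizeof SUFFIXES[0] - 1;
    size_t name_len, suf_len;

    if (name == NULL || index >= n_suffixes)
        return -1;
    name_len = strlen(name);
    suf_len = strlen(SUFFIXES[index]);
    /* Reject before writing: name + suffix + terminating NUL must fit.
     * Written as a subtraction so the comparison cannot wrap around. */
    if (name_len >= ARCNAME_MAX || suf_len >= ARCNAME_MAX - name_len)
        return -1;
    memcpy(g_arcname, name, name_len);
    memcpy(g_arcname + name_len, SUFFIXES[index], suf_len + 1);
    return 0;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "backup";   /* constructed sample */

    if (build_candidate(name, 4) != 0) {
        fprintf(stderr, "archive name too long\n");
        return 1;
    }
    printf("%s\n", g_arcname);
    return 0;
}
```
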

CWE

CWE-120

Affected Products

Logging Subsystem for Red Hat OpenShift
Red Hat build of OpenJDK 11 ELS
Red Hat build of OpenJDK 17
Red Hat build of OpenJDK 1.8
Red Hat build of OpenJDK 21
Red Hat build of OpenJDK 25
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8

References