CVE-2026-27171

low Red Hat
CVSS v3 Base Score
2.9
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Published: February 18, 2026
Last Modified: February 18, 2026
Vendor: Red Hat

Description

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

CWE

CWE-835

Affected Products

Logging Subsystem for Red Hat OpenShiftRed Hat build of OpenJDK 11 ELSRed Hat build of OpenJDK 17Red Hat build of OpenJDK 1.8Red Hat build of OpenJDK 21Red Hat build of OpenJDK 25Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 7asecurity.com 🔗 7asecurity.com