CVE-2026-27820

medium Red Hat
CVSS v3 Base Score
5.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
Low
Integrity
Low
Availability
Low
Published: April 16, 2026 (27 days ago)
Last Modified: April 16, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in zlib, a Ruby interface for the zlib compression/decompression library. The Zlib::GzipReader component contains a buffer overflow vulnerability. This occurs because the zstream_buffer_ungets function does not ensure sufficient memory capacity before moving existing data, which can lead to memory corruption. An attacker could potentially exploit this to cause unexpected behavior or system instability.

CWE

CWE-131

Affected Products

Red Hat Enterprise Linux 10Red Hat Hardened Images

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 hackerone.com