CRITICAL🇵🇱 Wersja polska

CVE-2026-3381

CVSS 9.8v3.1pub. 2026-03-05upd. 2026-03-18

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171.

🤖 AI Analysis
How it works

Compress::Raw::Zlib includes its own bundled copy of the zlib library instead of using the system version. Versions up to 2.219 contain a version of zlib that has vulnerabilities identified during the security audit conducted by 7ASecurity. Version 2.220 of the module updated the bundled library to zlib 1.3.2, which includes fixes for the identified issues, including CVE-2026-27171. The vulnerability is related to improper validation of input data (CWE-1284), which can lead to unexpected behavior when processing compressed data.

Impact

An attacker can remotely, without authentication, compromise the confidentiality, integrity, and availability of a system using the vulnerable Perl module.

Mitigation & patch

Update the Compress::Raw::Zlib module to version 2.220 or newer (e.g., 2.221), which includes zlib 1.3.2 with security fixes identified during the 7ASecurity audit. The update is available in the CPAN repository.

Who is affected

Compress::Raw::Zlib for Perl in versions up to and including 2.219

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Pmqs Compress\

    APP
    Pmqs
    \
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References