CVE-2026-27171
MEDIUM EPSS 10.4%
Published Feb 18, 2026 (4mo ago) · Modified Jun 17, 2026 (2w ago)
5.5 CVSS 3.1
Description
zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
CVSS Details
Base Score
Exploitability
Impact
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
10.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-1284
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| zlib | zlib | * | ≥1.2.12 – <1.3.2 |
References 5
- https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/
- https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf
- https://github.com/madler/zlib/issues/904
- https://github.com/madler/zlib/releases/tag/v1.3.2
- https://ostif.org/zlib-audit-complete/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.