PT-2026-2158 · Zlib · Zlib

Ron Edgerson · Published 2026-01-07 · Updated 2026-01-12 · CVE-2026-22184

CVSS v4.0: 9.3
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions: zlib versions up to and including 1.3.1.2

Description: zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility (shipped in the contrib/untgz directory of the zlib source tree). The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer with an unbounded strcpy() call and no length check. An archive name longer than the buffer can hold (1023 bytes plus the terminating NUL) writes past the end of the buffer into adjacent static data, which can lead to memory corruption, denial of service and, depending on compiler, build flags, architecture and memory layout, code execution. The overflow happens before any archive parsing or validation, so the contents of the archive are irrelevant; only the name passed on the command line matters. untgz is an example program, not part of the libz library itself, so software that only links libz does not contain the vulnerable code.

Recommendations: Update to zlib version 1.3.1.3 or higher. Monitor logs for untgz executions with unusually long archive-name arguments (command lines approaching or exceeding 1024 bytes).
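The following is an added example, not zlib's code and not part of the original advisory. It reconstructs the pattern the description refers to (an unbounded strcpy() from argv into a 1024-byte static buffer, the size the advisory states) next to a bounded variant that rejects over-long names before copying. The function names, the TGZ_NAME_MAX constant and the helper tgz_try_len() are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Size of the static name buffer, as given in the advisory (assumed here). */
#define TGZ_NAME_MAX 1024

/* Fixed-size static global buffer; an overflow lands in whatever the
   linker placed after it in .bss, not on the stack. */
static char tgz_name[TGZ_NAME_MAX];

/* Vulnerable pattern described in the advisory (illustrative reconstruction,
   not zlib's TGZfname()): strcpy() trusts argv to fit.  Passing a name of
   1024 bytes or more is the out-of-bounds write; never call it that way. */
void tgz_set_name_unchecked(const char *arg)
{
    strcpy(tgz_name, arg);
}

/* Hardened variant: find the NUL within the buffer size before copying.
   memchr() never reads past TGZ_NAME_MAX, so an unterminated or over-long
   argument cannot cause an over-read either.  Returns 0 on success,
   -1 if the name (plus NUL) does not fit; the buffer is left untouched
   on failure. */
int tgz_set_name_checked(const char *arg)
{
    const char *nul = memchr(arg, '\0', TGZ_NAME_MAX);
    if (nul == NULL)            /* no terminator within 1024 bytes: too long */
        return -1;
    memcpy(tgz_name, arg, (size_t)(nul - arg) + 1);   /* includes the NUL */
    return 0;
}

/* Length of the name currently stored (for checking results). */
size_t tgz_stored_len(void)
{
    return strlen(tgz_name);
}

/* Demonstration helper: build a constructed name of `len` non-NUL bytes and
   try to store it through the checked path.  Returns -2 if `len` exceeds
   what this helper's own buffer can hold. */
int tgz_try_len(size_t len)
{
    char buf[TGZ_NAME_MAX + 64];
    if (len > sizeof(buf) - 1)
        return -2;
    memset(buf, 'a', len);
    buf[len] = '\0';
    return tgz_set_name_checked(buf);
}

int main(int argc, char **argv)
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s archive\n", argv[0]);
        return 2;
    }
    /* The check runs before anything else, mirroring the fact that the
       original overflow also happens before any archive is opened. */
    if (tgz_set_name_checked(argv[1]) != 0) {
        fprintf(stderr, "archive name too long (max %d bytes)\n", TGZ_NAME_MAX - 1);
        return 1;
    }
    printf("archive: %s\n", tgz_name);
    return 0;
}
```

The boundary is 1023 characters: that length plus the NUL exactly fills the buffer and is accepted, while 1024 characters are rejected without touching the buffer. Rejecting rather than truncating is deliberate; a silently shortened archive name would make the tool open a different file than the one named.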

Tags: Exploit · Fix · RCE · DoS · Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2026-22184

Affected Products: Zlib