CVE-2026-27820
zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption
CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th
zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3.
| CWE | CWE-120, CWE-131 |
| Vendor | ruby |
| Product | zlib |
| Ecosystems | |
| Industries | Technology |
| Published | Apr 16, 2026 |
| Last Updated | Apr 16, 2026 |
Affected Versions
ruby / zlib
< 3.0.1
>= 3.1.0, < 3.1.2
>= 3.2.0, < 3.2.3
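
The prepend pattern named in the description, as an added example that is not the zlib extension's source code: a simplified C model of a buffer with a length and a capacity, showing the unchecked shift next to a form that guarantees capacity before the memmove. The struct and function names (outbuf, unget_unchecked, unget_checked) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model (assumption): `len` bytes in use out of `cap` allocated. */
struct outbuf { unsigned char *data; size_t len, cap; };

/* Unsafe pattern, shown for contrast and never called here: shifts the
 * existing data right by n without checking that len + n fits in cap. */
void unget_unchecked(struct outbuf *b, const unsigned char *src, size_t n)
{
    memmove(b->data + n, b->data, b->len); /* writes past cap if len + n > cap */
    memcpy(b->data, src, n);
    b->len += n;
}

/* Hardened form: ensure capacity first, then shift and prepend.
 * Returns 0 on success, -1 on size overflow or allocation failure. */
int unget_checked(struct outbuf *b, const unsigned char *src, size_t n)
{
    if (n == 0) return 0;                  /* nothing to prepend */
    if (n > SIZE_MAX - b->len) return -1;  /* len + n would wrap around */
    size_t need = b->len + n;
    if (need > b->cap) {
        unsigned char *p = realloc(b->data, need);
        if (p == NULL) return -1;          /* buffer is left unchanged */
        b->data = p;
        b->cap = need;
    }
    memmove(b->data + n, b->data, b->len); /* now within the allocation */
    memcpy(b->data, src, n);
    b->len = need;
    return 0;
}

int main(void)
{
    struct outbuf b = { malloc(4), 4, 4 }; /* constructed input: full buffer */
    if (b.data == NULL) return 1;
    memcpy(b.data, "abcd", 4);
    int rc = unget_checked(&b, (const unsigned char *)"XY", 2);
    printf("rc=%d len=%zu cap=%zu\n", rc, b.len, b.cap);
    free(b.data);
    return rc;
}
```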