A vulnerability classified as critical has been discovered in Ruby zlib up to 3.0.0/3.1.1/3.2.2. The affected element is the function Zlib::GzipReader. Manipulation can lead to a buffer overflow. The vulnerability is tracked as CVE-2026-27820. The attack can be executed remotely. Upgrading the affected component is advised.

| Vendor | Product | Versions |
|---|---|---|
| ruby | zlib | rubygems/zlib: >= 3.2.0, < 3.2.3, rubygems/zlib: >= 3.1.0, < 3.1.2, rubygems/zlib: < 3.0.1, rubygems/zlib: >= 3.3.5-7, < 3.3.5-8 |

Downstream vendors/products affected by this vulnerability

| Vendor | Product | Source | Confidence |
|---|---|---|---|
| open source | ruby | cert_advisory | 90% |
| rubygems | zlib | GHSA | 85% |
| su | suse linux | cert_advisory | 90% |

Updated affected versions to include ruby zlib 3.3.5-7 and changed the available patch to zlib@3.3.5-8.
Updated severity to CRITICAL, added affected version 3.2.2, and noted that the vulnerability is actively exploited.
Initial creation