Discovery API Icon
Discovery API
Security Advisory Icon
Security Advisory
Package Manager Icon
Package Manager
Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2026-27171

Published: February 21, 2026Last modified: February 26, 2026

Description

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

Severity score breakdown

ParameterValue
Base score5.5
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSzlibFixed (1.2.13-r1)
25 LTSzlibFixed (1.3.2-r0)
StreamzlibFixed (1.3.2-r0)
Hardened Containers23 LTSzlibFixed (1.2.13-r1)
25 LTSzlibFixed (1.3.2-r0)
StreamzlibFixed (1.3.2-r0)

References

ON THIS PAGE