VYPR
Unrated severity · NVD Advisory · Published Feb 5, 2025 · Updated Jun 12, 2025

gzip integer overflow

CVE-2025-0725

Description

Integer overflow in libcurl's gzip decompression when using zlib ≤1.2.0.3 leads to buffer overflow; fixed in curl 8.12.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

When libcurl is configured to perform automatic gzip decompression of HTTP responses via CURLOPT_ACCEPT_ENCODING, and the zlib it runs against is version 1.2.0.3 or older, an integer overflow in the decompression logic can cause a buffer overflow. The vulnerable code path is only taken for these ancient zlib versions; with zlib 1.2.0.4 or newer it is never executed. Affected curl versions: 7.10.5 through 8.11.1 inclusive. Versions before 7.10.5, and 8.12.0 and later, are not affected [1].

Exploitation

An attacker must control an HTTP response that carries a gzip Content-Encoding and craft the compressed body so that it triggers the integer overflow. No authentication is required; the response can come from a malicious server, or from an on-path attacker who is able to alter the response (for example on a plaintext HTTP connection). The overflow occurs while the response body is being decompressed [1].

Impact

Successful exploitation results in a buffer overflow, i.e. memory corruption that could in principle be turned into arbitrary code execution. The curl project nevertheless rates the severity Low, because the vulnerable code path is only reachable when the process uses a zlib older than 1.2.0.4 (released in 2003), and such a zlib has numerous other known security issues of its own [1].

Mitigation

The vulnerability is fixed in curl 8.12.0, which drops support for zlib versions older than 1.2.0.4 entirely, so the vulnerable code path no longer exists. Users should upgrade to curl 8.12.0 or later. If upgrading is not immediately possible, ensure that the zlib used by libcurl is 1.2.0.4 or newer, which keeps the vulnerable path from being taken. No other workaround is available [1].
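A practical way to check the two conditions in the paragraph above on a deployed system is to read the first line of `curl --version`, which names both the libcurl version and the zlib it is running with. The following script is an added example written for this page; it is not code from VYPR or from the curl project. The affected range (7.10.5 through 8.11.1) and the zlib cut-off (1.2.0.4) are taken from the advisory text above; the banner parsing, the padding of versions to four numeric components, and the inference that a build without zlib cannot reach the gzip path are this example's own assumptions. The sample banners are constructed for illustration.

```python
"""Decide from `curl --version` output whether a deployment can hit the
CVE-2025-0725 code path: libcurl 7.10.5..8.11.1 together with zlib < 1.2.0.4.

Added example, not part of the VYPR page or of curl itself. Version ranges
come from the advisory; parsing and the "no zlib => unreachable" inference
are assumptions made here."""

import re
import subprocess
from typing import Dict, Optional, Tuple

# Bounds from the advisory. Tuples are padded to four components so that
# "1.3" and "1.2.0.3" compare sensibly against "1.2.0.4".
FIRST_AFFECTED = (7, 10, 5, 0)   # first curl release with the code path
FIRST_FIXED = (8, 12, 0, 0)      # curl 8.12.0 removed the old-zlib path
ZLIB_SAFE_FROM = (1, 2, 0, 4)    # zlib >= 1.2.0.4 never enters that path

# Constructed sample banners (first line of `curl --version`), not real hosts.
SAMPLE_OLD_ZLIB = (
    "curl 8.11.1 (x86_64-pc-linux-gnu) libcurl/8.11.1 OpenSSL/3.0.13 zlib/1.2.0.3\n"
)
SAMPLE_NEW_ZLIB = (
    "curl 8.11.1 (x86_64-pc-linux-gnu) libcurl/8.11.1 OpenSSL/3.0.13 zlib/1.3.1\n"
)
SAMPLE_FIXED_CURL = (
    "curl 8.12.0 (x86_64-pc-linux-gnu) libcurl/8.12.0 OpenSSL/3.0.13 zlib/1.2.0.3\n"
)


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """'1.2.0.3' -> (1, 2, 0, 3); '8.11.1-DEV' -> (8, 11, 1, 0).
    Only the leading numeric components are used; suffixes are ignored."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:4]
    return tuple(parts + [0] * (4 - len(parts)))  # type: ignore[return-value]


def parse_banner(banner: str) -> Tuple[Optional[Tuple[int, ...]], Optional[Tuple[int, ...]]]:
    """Pull the libcurl and zlib versions out of the first banner line.
    Either value is None when the corresponding token is absent."""
    lines = banner.strip().splitlines()
    first = lines[0] if lines else ""
    m_curl = re.search(r"\blibcurl/(\S+)", first)
    m_zlib = re.search(r"\bzlib/(\S+)", first)
    libcurl = parse_version(m_curl.group(1)) if m_curl else None
    zlib = parse_version(m_zlib.group(1)) if m_zlib else None
    return libcurl, zlib


def assess(banner: str) -> Dict[str, object]:
    """Return the parsed versions plus an 'affected' verdict and the reason."""
    libcurl, zlib = parse_banner(banner)
    in_range = libcurl is not None and FIRST_AFFECTED <= libcurl < FIRST_FIXED
    old_zlib = zlib is not None and zlib < ZLIB_SAFE_FROM

    if libcurl is None:
        reason = "unknown: no libcurl/ token in banner"
    elif not in_range:
        reason = "not affected: libcurl outside 7.10.5..8.11.1"
    elif zlib is None:
        # Assumption: without zlib, libcurl cannot perform gzip decoding at all.
        reason = "not reachable: libcurl built without zlib"
    elif not old_zlib:
        reason = "not reachable: zlib >= 1.2.0.4, old-zlib path never taken"
    else:
        reason = "AFFECTED: libcurl in range and zlib < 1.2.0.4"

    return {
        "libcurl": libcurl,
        "zlib": zlib,
        "affected": reason.startswith("AFFECTED"),
        "reason": reason,
    }


def assess_local_curl(binary: str = "curl") -> Dict[str, object]:
    """Run `<binary> --version` on this host and assess its banner."""
    out = subprocess.run([binary, "--version"], capture_output=True, text=True, check=False)
    return assess(out.stdout)


if __name__ == "__main__":
    for label, sample in (("old zlib", SAMPLE_OLD_ZLIB),
                          ("new zlib", SAMPLE_NEW_ZLIB),
                          ("fixed curl", SAMPLE_FIXED_CURL)):
        print(f"{label:10s} -> {assess(sample)['reason']}")
    try:
        print(f"{'this host':10s} -> {assess_local_curl()['reason']}")
    except FileNotFoundError:
        print("this host  -> curl binary not found")
```

Note that the banner reports the zlib actually loaded by the curl binary, so a host where libcurl is linked against a different zlib than the system default must be checked with that binary. The check is a reachability screen, not proof of exploitability; the fix itself is the curl 8.12.0 upgrade.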

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 38

Patches: 0 (no patches discovered yet)

Vulnerability mechanics: not generated. The mechanics sections (root cause, attack vector, affected code, fix) are only produced when the actual fix diff can be read; without it they would be speculation rather than analysis.

References: 3

News mentions: 0 (no linked articles in the index yet)