VYPR
Critical severity9.8NVD Advisory· Published Apr 16, 2026· Updated May 21, 2026

CVE-2026-27820

CVE-2026-27820

Description

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
zlibRubyGems
>= 3.2.0, < 3.2.33.2.3
zlibRubyGems
>= 3.1.0, < 3.1.23.1.2
zlibRubyGems
< 3.0.13.0.1

Affected products

4

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.