vulnerability

Alpine Linux: CVE-2026-27820: Classic Buffer Overflow

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:N/A:P)	Apr 16, 2026	Apr 17, 2026	Apr 17, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

Apr 16, 2026

Added

Apr 17, 2026

Modified

Apr 17, 2026

Description

zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously produced output but fails to guarantee the backing Ruby string has enough capacity before the memmove shifts the existing data. This can lead to memory corruption when the buffer length exceeds capacity. This issue has been fixed in versions 3.0.1, 3.1.2 and 3.2.3.

Solution

alpine-linux-upgrade-ruby

References

CVE-2026-27820
https://attackerkb.com/topics/CVE-2026-27820
https://security.alpinelinux.org/vuln/CVE-2026-27820
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23278
CWE-120
CWE-131
EUVD-EUVD-2026-23278

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report