VDB
ALPINE-CVE-2026-22184
ALPINE-CVE-2026-22184
PUBLISHED
CVSS 7.800000190734863 HIGH
zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.22 | zlib | 0, 1.3.1-r2, 1.3.1-r1 |
| Alpine:v3.23 | zlib | 1.2.3.7-r1, 0, 1.2.10-r0 |
| Alpine:v3.20 | zlib | 1.3.1-r0, 1.2.10-r0, 1.2.11-r1 |
| Alpine:v3.21 | zlib | 1.2.8-r2, 1.2.8-r1, 1.2.8-r0 |
Timeline
- Jan 7, 2026 CVE Published
- Apr 14, 2026 CVE Updated
- Apr 30, 2026 Distribution Patch