A buffer overflow vulnerability (CVE-2026-27820) has been discovered in the Ruby zlib gem's Zlib::GzipReader. The flaw exists in the zstream_buffer_ungets function, which fails to ensure sufficient buffer capacity before shifting existing data via memmove, potentially causing memory corruption. Users are advised to upgrade: Ruby 3.2 users should update to zlib 3.0.1, Ruby 3.3 users to zlib 3.1.2, and all others to zlib 3.2.3 or later. The vulnerability affects zlib gem versions 3.2.2 and below.

From rubysec.com