Buffer Overflow Vulnerability in zlib Ruby Interface from Ruby
CVE-2026-27820

1.7 LOW

Key Information:

Vendor: Ruby

Status: Vendor

CVE Published: 16 April 2026

What is CVE-2026-27820?

A buffer overflow vulnerability exists in the zlib Ruby interface, specifically in Zlib::GzipReader. The flaw lies in the zstream_buffer_ungets function, which mishandles input bytes: when the data being written exceeds the available buffer capacity, memory corruption can result. The issue is fixed in versions 3.0.1, 3.1.2, and 3.2.3, which correct the flawed memory handling.

Affected Version(s)

zlib < 3.0.1 < 3.0.1

zlib >= 3.1.0, < 3.1.2 < 3.1.0, 3.1.2

zlib >= 3.2.0, < 3.2.3 < 3.2.0, 3.2.3

CVSS V4

Score: 1.7
Severity: LOW
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability reserved