Sign In

CVE-2026-22184

ADVISORY - nist

Summary

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.

EPSS Score: 0.00038 (0.112)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-787

Out-of-bounds Write

ADVISORY - redhat

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2026-22184
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-787

CVSS SCORE

4.6medium

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2026-22184
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2026-22184
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2026-22184
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

9.8medium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2026-22184
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-120

CVSS SCORE

8.6high

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-4v8v-x7hx-h96w

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

UPDATED

ADVISORY ID

MINI-w4p6-33x2-v3jq

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY