CVE-2026-27820.yml

---
gem: zlib
cve: 2026-27820
ghsa: g857-hhfv-j68w
url: https://www.ruby-lang.org/en/news/2026/03/05/buffer-overflow-zlib-cve-2026-27820
title: Buffer overflow vulnerability in Zlib::GzipReader
date: 2026-03-05
description: |
  A buffer overflow vulnerability exists in Zlib::GzipReader.
  This vulnerability has been assigned the CVE identifier
  CVE-2026-27820. We recommend upgrading the zlib gem.

  ## Details

  The zstream_buffer_ungets function prepends caller-provided bytes
  ahead of previously produced output but fails to guarantee the
  backing Ruby string has enough capacity before the memmove shifts
  the existing data. This can lead to memory corruption when the
  buffer length exceeds capacity.

  ## Recommended action

  We recommend to update the zlib gem to version 3.2.3 or later.
  In order to ensure compatibility with bundled version in older
  Ruby series, you may update as follows instead:

  * For Ruby 3.2 users: Update to zlib 3.0.1
  * For Ruby 3.3 users: Update to zlib 3.1.2
  * You can use gem update zlib to update it. If you are using
     bundler, please add gem "zlib", ">= 3.2.3" to your Gemfile.

  ## Affected versions:

  zlib gem 3.2.2 or lower

  ## Credits

  Thanks to calysteon for reporting this issue. Also thanks to
  nobu for creating the patch.
patched_versions:
  - "~> 3.0.1"
  - "~> 3.1.2"
  - ">= 3.2.3"
related:
  url:
    - https://www.ruby-lang.org/en/news/2026/03/05/buffer-overflow-zlib-cve-2026-27820
    - https://rubygems.org/gems/zlib/versions/3.2.3
    - https://rubygems.org/gems/zlib/versions/3.1.2
    - https://rubygems.org/gems/zlib/versions/3.0.1