{"id":"CVE-2026-27171","details":"zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.","modified":"2026-04-26T09:59:16.508634887Z","published":"2026-02-18T04:16:01.263Z","related":["CGA-624v-j5jq-2hph","SUSE-SU-2026:0783-1","SUSE-SU-2026:20659-1","SUSE-SU-2026:20709-1","SUSE-SU-2026:21013-1","SUSE-SU-2026:21151-1","openSUSE-SU-2026:10617-1","openSUSE-SU-2026:20487-1"],"references":[{"type":"WEB","url":"https://ostif.org/zlib-audit-complete/"},{"type":"ADVISORY","url":"https://github.com/madler/zlib/releases/tag/v1.3.2"},{"type":"REPORT","url":"https://github.com/madler/zlib/issues/904"},{"type":"ARTICLE","url":"https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/"},{"type":"ARTICLE","url":"https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/madler/zlib","events":[{"introduced":"0"},{"fixed":"da607da739fa6047df13e66a2af6b8bec7c2a498"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.3.2"}]}}],"versions":["v0.71","v0.79","v0.8","v0.9","v0.91","v0.92","v0.93","v0.94","v0.95","v0.99","v1.0-pre","v1.0.1","v1.0.2","v1.0.4","v1.0.5","v1.0.7","v1.0.8","v1.0.9","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.1.4","v1.2.0","v1.2.0.1","v1.2.0.2","v1.2.0.3","v1.2.0.4","v1.2.0.5","v1.2.0.6","v1.2.0.7","v1.2.0.8","v1.2.1","v1.2.1.1","v1.2.1.2","v1.2.10","v1.2.11","v1.2.12","v1.2.13","v1.2.2","v1.2.2.1","v1.2.2.2","v1.2.2.3","v1.2.2.4","v1.2.3","v1.2.3.1","v1.2.3.2","v1.2.3.3","v1.2.3.4","v1.2.3.5","v1.2.3.6","v1.2.3.7","v1.2.3.8","v1.2.3.9","v1.2.4","v1.2.4-pre1","v1.2.4-pre2","v1.2.4.1","v1.2.4.2","v1.2.4.3","v1.2.4.4","v1.2.4.5","v1.2.5","v1.2.5.1","v1.2.5.2","v1.2.5.3","v1.2.6","v1.2.6.1","v1.2.7","v1.2.7.1","v1.2.7.2","v1.2.7.3","v1.2.8","v1.2.9","v1.3","v1.3.1","v1.3.1.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-27171.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}