{"id":"JLSEC-2026-480","summary":"zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because...","details":"zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.","modified":"2026-05-07T18:02:33.421563975Z","published":"2026-05-07T17:36:47.122Z","upstream":["CVE-2026-27171","EUVD-2026-8063","GHSA-h858-mf2m-8jf4"],"database_specific":{"sources":[{"modified":"2026-03-25T21:27:04.603Z","database_specific":{"status":"Analyzed"},"imported":"2026-05-07T17:21:39.899Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27171","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-27171","published":"2026-02-18T04:16:01.263Z","id":"CVE-2026-27171"},{"modified":"2026-02-18T06:30:19Z","imported":"2026-05-07T17:21:43.116Z","html_url":"https://github.com/advisories/GHSA-h858-mf2m-8jf4","url":"https://api.github.com/advisories/GHSA-h858-mf2m-8jf4","published":"2026-02-18T06:30:18Z","id":"GHSA-h858-mf2m-8jf4"},{"modified":"2026-02-18T13:38:55Z","imported":"2026-05-07T17:21:41.315Z","html_url":"https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-8063","url":"https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-8063","published":"2026-02-18T02:36:19Z","id":"EUVD-2026-8063"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit"},{"type":"WEB","url":"https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/"},{"type":"WEB","url":"https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf"},{"type":"WEB","url":"https://github.com/advisories/GHSA-h858-mf2m-8jf4"},{"type":"WEB","url":"https://github.com/madler/zlib/issues/904"},{"type":"WEB","url":"https://github.com/madler/zlib/releases/tag/v1.3.2"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27171"},{"type":"WEB","url":"https://ostif.org/zlib-audit-complete"},{"type":"WEB","url":"https://ostif.org/zlib-audit-complete/"}],"affected":[{"package":{"name":"Openresty_jll","ecosystem":"Julia","purl":"pkg:julia/Openresty_jll?uuid=87da34d4-7b1b-5a94-8376-8cb65bf3132c"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.21.4+0"},{"fixed":"1.29.203+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-480.json"}},{"package":{"name":"Zlib_jll","ecosystem":"Julia","purl":"pkg:julia/Zlib_jll?uuid=83775a58-1f1d-513f-b197-d71354ab007a"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.2.12+3"},{"fixed":"1.3.2+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-480.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}