Perl Compress::Raw::Zlib Vulnerability in Dual-Life Core Module

Vulnerability

A vulnerability exists in the Perl dual-life core module Compress::Raw::Zlib, affecting Perl versions from 5.9.4 before 5.40.4-RC1, and from 5.41.0 before 5.42.2-RC1. The module bundles a version of zlib that contains multiple vulnerabilities, including CVE-2026-27171. The zlib issue was highlighted in a 7ASecurity audit. The problem has been addressed in Compress::Raw::Zlib version 2.220, which is included in Perl 5.40.4-RC1 and 5.42.2-RC1.

Impact

Exploitation of this vulnerability could lead to the use of insecure zlib functions, potentially allowing for data corruption or manipulation during compression or decompression processes.

Remediation

Users can upgrade to Compress::Raw::Zlib version 2.220 or later to address this vulnerability.
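
The following triage script is an added example, not code from the advisory or from the Perl project. It applies the version ranges and the fixed module release stated above to a host inventory; the host names, the inventory line format and the status labels are assumptions made for illustration.

```python
import re

FIXED_MODULE = 2.220  # fixed Compress::Raw::Zlib release named in the advisory
# (first affected, first fixed) Perl versions, as listed in the advisory.
AFFECTED_PERL = [("5.9.4", "5.40.4-RC1"), ("5.41.0", "5.42.2-RC1")]

def perl_key(version):
    """Sortable key; an -RCn build sorts before the final release."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:-RC(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised Perl version: {version!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch), 0 if rc else 1, int(rc or 0))

def classify(perl_version, module_version=None):
    """Return 'fixed', 'affected' or 'outside-range' for one installation."""
    if module_version:
        # Dual-life module: a CPAN upgrade overrides the copy shipped with perl.
        # Assumption: any release below 2.220 is treated as needing the upgrade.
        # Decimal CPAN versions compare numerically; '_' marks a dev release.
        installed = float(module_version.replace("_", ""))
        return "fixed" if installed >= FIXED_MODULE else "affected"
    key = perl_key(perl_version)
    for first, fixed in AFFECTED_PERL:
        if perl_key(first) <= key < perl_key(fixed):
            return "affected"
    return "outside-range"

def triage(inventory):
    """inventory lines: 'host perl_version [module_version]' -> {host: status}."""
    result = {}
    for line in inventory.strip().splitlines():
        host, perl_version, *module = line.split()
        result[host] = classify(perl_version, module[0] if module else None)
    return result

# Constructed sample inventory (hypothetical hosts). The values can be read on
# each host with `perl -e 'print $^V'` and
# `perl -MCompress::Raw::Zlib -e 'print $Compress::Raw::Zlib::VERSION'`.
SAMPLE = """
web01 v5.40.3
web02 v5.40.3 2.220
build01 5.42.2-RC1
legacy01 v5.8.9
dev01 v5.42.1 2.213
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

When the module version is known it takes precedence over the Perl version, because the module can be upgraded from CPAN independently of the interpreter.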

Added: Mar 29, 2026, 9:19 PM
Updated: Mar 29, 2026, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.9
exploitability: 7.5
remediation: 0.0
relevance: 4.9
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.