CVE-2026-3381 | THREATINT

Description

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171.

PUBLISHED Reserved 2026-02-28 | Published 2026-03-05 | Updated 2026-03-07 | Assigner CPANSec

Problem types

CWE-1395 Dependency on Vulnerable Third-Party Component

Product status

Default status

unaffected

Any version

affected

Timeline

2026-02-17:	zlib 1.3.2 released.
2026-02-27:	Compress::Raw::Zlib 2.220 released.

References

metacpan.org/.../PMQS/Compress-Raw-Zlib-2.221/source/Changes release-notes

github.com/madler/zlib

github.com/madler/zlib/releases/tag/v1.3.2 release-notes

7asecurity.com/blog/2026/02/zlib-7asecurity-audit/ technical-description

www.cve.org/CVERecord?id=CVE-2026-27171 vendor-advisory related vdb-entry

github.com/pmqs/Compress-Raw-Zlib/issues/41 issue-tracking

cve.org (CVE-2026-3381)

nvd.nist.gov (CVE-2026-3381)

Download JSON

help @ threatint.eu