CVE-2026-3381: Bundled Zlib Pre 1 3 2 Vulnerable
Bundled zlib appears to be a pre-1.3.2 version (ZLIB_VERNUM < 0x1320 or ZLIB_VERSION string matches a pre-1.3.2 release such as "1.3.1.2-audit"). Versions prior to zlib 1.3.2 lack the 7ASecurity audit hardening fixes (CVE-2026-3381 / CVE-2026-27171): missing negative-length checks in crc32_combine, uninitialized-memory disclosure in inflateCopy/deflateCopy,
greprules fetch cve-2026-3381-bundled-zlib-pre-1-3-2-vulnerable --engine opengrepDescription
Bundled zlib appears to be a pre-1.3.2 version (ZLIB_VERNUM < 0x1320 or ZLIB_VERSION string matches a pre-1.3.2 release such as "1.3.1.2-audit"). Versions prior to zlib 1.3.2 lack the 7ASecurity audit hardening fixes (CVE-2026-3381 / CVE-2026-27171): missing negative-length checks in crc32_combine, uninitialized-memory disclosure in inflateCopy/deflateCopy,
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.