CVE-2026-3381 — Use of Unmaintained Third Party Components in Libcompress-raw-zlib-perl

CWE-1104 — Use of Unmaintained Third Party Components CWE-1284 — Improper Validation of Specified Quantity in Input CWE-1395 — Dependency on Vulnerable Third-Party Component16 documents8 sources

Severity

9.8CRITICALNVD

OSV5.5

EPSS

0.0%

top 89.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Libcompress-raw-zlib-perl Debian Perl +21 more

Timeline

PublishedMar 5

Latest updateMar 29

Description

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages25 packages

▶debiandebian/libcompress-raw-zlib-perl< libcompress-raw-zlib-perl 2.011-2 (bookworm)

▶NVDpmqs/compress2.219

▶debiandebian/perl< perl 5.10.0-21 (bookworm)

▶Alpineperl/perl< 0

▶Debianperl/perl< 5.10.0-21+3

🔴Vulnerability Details

OSV

CVE-2026-4176: Perl versions from 5↗2026-03-29

▶

OSV

CVE-2026-4176: Perl versions from 5↗2026-03-29

▶

GHSA

GHSA-q2q4-jjp8-f6m3: Perl versions from 5↗2026-03-29

▶

OSV

CVE-2026-3381: Compress::Raw::Zlib versions through 2↗2026-03-05

▶

GHSA

GHSA-jvq4-fjjq-g6w7: Compress::Raw::Zlib versions through 2↗2026-03-05

▶

📋Vendor Advisories

Red Hat

Perl: Compress::Raw::Zlib: zlib: Perl: Multiple vulnerabilities due to an outdated vendored zlib library↗2026-03-29

▶

Microsoft

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib↗2026-03-10

▶

Red Hat

compress-raw-zlib: Compress::Raw::Zlib: Vulnerabilities due to outdated zlib library↗2026-03-05

▶

Debian

CVE-2026-3381: libcompress-raw-zlib-perl - Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure ver...↗2026

▶

Debian

CVE-2026-4176: perl - Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from ...↗2026

▶

🕵️Threat Intelligence

Bleepingcomputer

Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws↗2026-03-10

▶

Wiz

CVE-2026-4176 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-3381 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶