{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3381", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "state": "PUBLISHED", "assignerShortName": "CPANSec", "dateReserved": "2026-02-28T09:24:49.085Z", "datePublished": "2026-03-05T01:28:48.062Z", "dateUpdated": "2026-03-05T16:32:43.626Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "Compress-Raw-Zlib", "product": "Compress::Raw::Zlib", "repo": "https://github.com/pmqs/Compress-Raw-Zlib", "vendor": "PMQS", "versions": [{"lessThanOrEqual": "2.219", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib.\n\nCompress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1395", "description": "CWE-1395 Dependency on Vulnerable Third-Party Component", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2026-03-05T01:28:48.062Z"}, "references": [{"tags": ["release-notes"], "url": "https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes"}, {"url": "https://www.zlib.net/"}, {"url": "https://github.com/madler/zlib"}, {"tags": ["release-notes"], "url": "https://github.com/madler/zlib/releases/tag/v1.3.2"}, {"tags": ["technical-description"], "url": "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/"}, {"tags": ["vendor-advisory", "related", "vdb-entry"], "url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"}], "solutions": [{"lang": "en", "value": "Upgrade to Compress::Raw::Zlib 2.220 or later."}], "source": {"discovery": "UNKNOWN"}, "timeline": [{"lang": "en", "time": "2026-02-17T00:00:00.000Z", "value": "zlib 1.3.2 released."}, {"lang": "en", "time": "2026-02-27T00:00:00.000Z", "value": "Compress::Raw::Zlib 2.220 released."}], "title": "Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib", "x_generator": {"engine": "cpansec-cna-tool 0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T16:31:41.264640Z", "id": "CVE-2026-3381", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T16:32:43.626Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib.\n\nCompress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171."}], "id": "CVE-2026-3381", "lastModified": "2026-03-05T19:38:53.383", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-05T02:16:52.267", "references": [{"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://github.com/madler/zlib"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://github.com/madler/zlib/releases/tag/v1.3.2"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://www.zlib.net/"}], "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "compress-raw-zlib: Compress::Raw::Zlib: Vulnerabilities due to outdated zlib library", "id": "2444733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444733"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-1104", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-3381", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "perl-Compress-Raw-Zlib", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "perl-Compress-Raw-Zlib", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "perl:5.32/perl-Compress-Raw-Zlib", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "perl-Compress-Raw-Zlib", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "perl-Compress-Raw-Zlib", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-05T01:28:48Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3381\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3381\nhttps://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/\nhttps://github.com/madler/zlib\nhttps://github.com/madler/zlib/releases/tag/v1.3.2\nhttps://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes\nhttps://www.cve.org/CVERecord?id=CVE-2026-27171\nhttps://www.zlib.net/"], "threat_severity": "Important"}