{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3381", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "state": "PUBLISHED", "assignerShortName": "CPANSec", "dateReserved": "2026-02-28T09:24:49.085Z", "datePublished": "2026-03-05T01:28:48.062Z", "dateUpdated": "2026-03-11T15:00:11.466Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "Compress-Raw-Zlib", "product": "Compress::Raw::Zlib", "repo": "https://github.com/pmqs/Compress-Raw-Zlib", "vendor": "PMQS", "versions": [{"lessThanOrEqual": "2.219", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib.\n\nCompress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1395", "description": "CWE-1395 Dependency on Vulnerable Third-Party Component", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2026-03-07T15:44:59.956Z"}, "references": [{"tags": ["release-notes"], "url": "https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes"}, {"url": "https://www.zlib.net/"}, {"url": "https://github.com/madler/zlib"}, {"tags": ["release-notes"], "url": "https://github.com/madler/zlib/releases/tag/v1.3.2"}, {"tags": ["technical-description"], "url": "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/"}, {"tags": ["vendor-advisory", "related", "vdb-entry"], "url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"}, {"tags": ["issue-tracking"], "url": "https://github.com/pmqs/Compress-Raw-Zlib/issues/41"}], "solutions": [{"lang": "en", "value": "Upgrade to Compress::Raw::Zlib 2.220 or later."}], "source": {"discovery": "UNKNOWN"}, "timeline": [{"lang": "en", "time": "2026-02-17T00:00:00.000Z", "value": "zlib 1.3.2 released."}, {"lang": "en", "time": "2026-02-27T00:00:00.000Z", "value": "Compress::Raw::Zlib 2.220 released."}], "title": "Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib", "x_generator": {"engine": "cpansec-cna-tool 0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-05T16:31:41.264640Z", "id": "CVE-2026-3381", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T15:00:11.466Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-3381", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-05T16:31:41.264640Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-05T16:32:39.592Z"}}], "cna": {"title": "Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib", "source": {"discovery": "UNKNOWN"}, "affected": [{"repo": "https://github.com/pmqs/Compress-Raw-Zlib", "vendor": "PMQS", "product": "Compress::Raw::Zlib", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.219"}], "packageName": "Compress-Raw-Zlib", "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-17T00:00:00.000Z", "value": "zlib 1.3.2 released."}, {"lang": "en", "time": "2026-02-27T00:00:00.000Z", "value": "Compress::Raw::Zlib 2.220 released."}], "solutions": [{"lang": "en", "value": "Upgrade to Compress::Raw::Zlib 2.220 or later."}], "references": [{"url": "https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes", "tags": ["release-notes"]}, {"url": "https://www.zlib.net/"}, {"url": "https://github.com/madler/zlib"}, {"url": "https://github.com/madler/zlib/releases/tag/v1.3.2", "tags": ["release-notes"]}, {"url": "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "tags": ["technical-description"]}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-27171", "tags": ["vendor-advisory", "related", "vdb-entry"]}, {"url": "https://github.com/pmqs/Compress-Raw-Zlib/issues/41", "tags": ["issue-tracking"]}], "x_generator": {"engine": "cpansec-cna-tool 0.1"}, "descriptions": [{"lang": "en", "value": "Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib.\n\nCompress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1395", "description": "CWE-1395 Dependency on Vulnerable Third-Party Component"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2026-03-07T15:44:59.956Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3381", "state": "PUBLISHED", "dateUpdated": "2026-03-11T15:00:11.466Z", "dateReserved": "2026-02-28T09:24:49.085Z", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "datePublished": "2026-03-05T01:28:48.062Z", "assignerShortName": "CPANSec"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pmqs:compress\\:\\:raw\\:\\:zlib:*:*:*:*:*:perl:*:*", "matchCriteriaId": "CF12AE53-1C97-4000-9D26-291171523E44", "versionEndIncluding": "2.219", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib.\n\nCompress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171."}, {"lang": "es", "value": "Las versiones de Compress::Raw::Zlib hasta la 2.219 para Perl utilizan versiones de zlib potencialmente inseguras.\nCompress::Raw::Zlib incluye una copia de la biblioteca zlib. La versi\u00f3n 2.220 de Compress::Raw::Zlib incluye zlib 1.3.2, que aborda los hallazgos de la auditor\u00eda de zlib realizada por 7ASecurity. Incluye correcciones para CVE-2026-27171."}], "id": "CVE-2026-3381", "lastModified": "2026-03-18T19:26:39.577", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-05T02:16:52.267", "references": [{"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Third Party Advisory"], "url": "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Product"], "url": "https://github.com/madler/zlib"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Release Notes"], "url": "https://github.com/madler/zlib/releases/tag/v1.3.2"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Issue Tracking"], "url": "https://github.com/pmqs/Compress-Raw-Zlib/issues/41"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Product", "Release Notes"], "url": "https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Third Party Advisory"], "url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Product"], "url": "https://www.zlib.net/"}], "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "compress-raw-zlib: Compress::Raw::Zlib: Vulnerabilities due to outdated zlib library", "id": "2444733", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444733"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-1104", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-3381", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "perl-Compress-Raw-Zlib", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "perl-Compress-Raw-Zlib", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "perl:5.32/perl-Compress-Raw-Zlib", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "perl-Compress-Raw-Zlib", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "perl-Compress-Raw-Zlib", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-05T01:28:48Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3381\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3381\nhttps://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/\nhttps://github.com/madler/zlib\nhttps://github.com/madler/zlib/releases/tag/v1.3.2\nhttps://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes\nhttps://www.cve.org/CVERecord?id=CVE-2026-27171\nhttps://www.zlib.net/"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.219]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Compress::Raw::Zlib", "source": "cna", "vendor": "PMQS"}, "product": "compress::raw::zlib", "vendor": "pmqs"}], "created": "2026-03-06T15:18:02.275643+00:00", "updated": "2026-03-06T15:18:02.275718+00:00", "vendors": ["pmqs", "pmqs$PRODUCT$compress::raw::zlib"]}