Search

Search is not available in local development.
Run npx pagefind --site __site after building to enable it.

JLSEC-2026-480 Low 2.9

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because...

Source Edit History OSV JSON (OSV)

JLSEC Published: May 7, 2026
Modified: May 7, 2026
Severity: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Packages: Openresty_jll >= 1.21.4+0, < 1.29.203+0
Zlib_jll >= 1.2.12+3, < 1.3.2+0
Aliases / Upstream: CVE-2026-27171 GHSA-h858-mf2m-8jf4 EUVD-2026-8063

zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

References