Fluid Attacks Database

Description

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.23	zlib	=1.2.10-r0 \|\| =1.2.11-r0 \|\| =1.2.11-r1 \|\| =1.2.11-r2 \|\| =1.2.11-r3 \|\| =1.2.11-r4 \|\| =1.2.12-r0 \|\| =1.2.12-r1 \|\| =1.2.12-r2 \|\| =1.2.12-r3 \|\| =1.2.13-r0 \|\| =1.2.13-r1 \|\| =1.2.13-r2 \|\| =1.2.3.3-r2 \|\| =1.2.3.3-r3 \|\| =1.2.3.3-r4 \|\| =1.2.3.3-r5 \|\| =1.2.3.3-r6 \|\| =1.2.3.3-r7 \|\| =1.2.3.4-r0 \|\| =1.2.3.4-r1 \|\| =1.2.3.7-r0 \|\| =1.2.3.7-r1 \|\| =1.2.3.9-r0 \|\| =1.2.4-r0 \|\| =1.2.4-r1 \|\| =1.2.5-r0 \|\| =1.2.5-r1 \|\| =1.2.5-r2 \|\| =1.2.6-r0 \|\| =1.2.7-r0 \|\| =1.2.7-r1 \|\| =1.2.8-r0 \|\| =1.2.8-r1 \|\| =1.2.8-r2 \|\| =1.3-r0 \|\| =1.3-r1 \|\| =1.3-r2 \|\| =1.3.1-r0 \|\| =1.3.1-r1 \|\| =1.3.1-r2 \|\| >=0 <1.3.2-r0	1.3.2-r0
debian 14	zlib	=1:1.3.dfsg+really1.3.1-1 \|\| =1:1.3.dfsg+really1.3.1-2 \|\| =1:1.3.dfsg+really1.3.1-3 \|\| >=0 <1:1.3.dfsg+really1.3.2-1	1:1.3.dfsg+really1.3.2-1
debian 11	zlib	=1:1.2.11.dfsg-2 \|\| =1:1.2.11.dfsg-2+deb11u1 \|\| =1:1.2.11.dfsg-2+deb11u2 \|\| =1:1.2.11.dfsg-3 \|\| =1:1.2.11.dfsg-4 \|\| =1:1.2.11.dfsg-4.1 \|\| =1:1.2.13.dfsg-1 \|\| =1:1.2.13.dfsg-2 \|\| =1:1.2.13.dfsg-3 \|\| =1:1.3.dfsg+really1.3.1-1 \|\| =1:1.3.dfsg+really1.3.1-2 \|\| =1:1.3.dfsg+really1.3.1-3 \|\| =1:1.3.dfsg+really1.3.2-1 \|\| =1:1.3.dfsg+really1.3.2-2 \|\| =1:1.3.dfsg+really1.3.2-3 \|\| =1:1.3.dfsg-1 \|\| =1:1.3.dfsg-2 \|\| =1:1.3.dfsg-3 \|\| =1:1.3.dfsg-3.1 \|\| =1:1.3.dfsg-3.1~exp1	-
debian 13	zlib	=1:1.3.dfsg+really1.3.1-1 \|\| =1:1.3.dfsg+really1.3.1-2 \|\| =1:1.3.dfsg+really1.3.1-3 \|\| =1:1.3.dfsg+really1.3.2-1 \|\| =1:1.3.dfsg+really1.3.2-2 \|\| =1:1.3.dfsg+really1.3.2-3	-
debian 12	zlib	=1:1.2.13.dfsg-1 \|\| =1:1.2.13.dfsg-2 \|\| =1:1.2.13.dfsg-3 \|\| =1:1.3.dfsg+really1.3.1-1 \|\| =1:1.3.dfsg+really1.3.1-2 \|\| =1:1.3.dfsg+really1.3.1-3 \|\| =1:1.3.dfsg+really1.3.2-1 \|\| =1:1.3.dfsg+really1.3.2-2 \|\| =1:1.3.dfsg+really1.3.2-3 \|\| =1:1.3.dfsg-1 \|\| =1:1.3.dfsg-2 \|\| =1:1.3.dfsg-3 \|\| =1:1.3.dfsg-3.1 \|\| =1:1.3.dfsg-3.1~exp1	-
rpm rhel10	java-25-openjdk	-	-
rpm rhel9	mysql	-	-
rpm rhel8	mysql	-	-
rpm rhel8	java-21-openjdk	-	-
rpm rhel9	java-21-openjdk	-	-

1-10 of 31

Aliases

1. CVE-2026-271712. NVD-2026-271713. OSV-ALPINE-2026-271714. OSV-2026-271715. OSV-DEBIAN-2026-271716. SECURITY-CVE-2026-271717. SECURITY-TRACKER-CVE-2026-27171

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.