Fluid Attacks Database

Description

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib.

Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	perl	>=0 <5.10.0-21	5.10.0-21
debian 13	perl	>=0 <5.10.0-21	5.10.0-21
rpm rhel8	perl	-	-
alpine v3.23	perl	>=0 <0	0
debian 11	perl	>=0 <5.10.0-21	5.10.0-21
debian 12	perl	>=0 <5.10.0-21	5.10.0-21

Aliases

1. CVE-2026-41762. NVD-2026-41763. OSV-DEBIAN-2026-41764. OSV-2026-41765. OSV-ALPINE-2026-41766. SECURITY-TRACKER-CVE-2026-41767. SECURITY-CVE-2026-4176

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.