Post · bonfire.cafe

Post

sev:CRIT BoF in zlib.

zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation.

https://www.cve.org/CVERecord?id=CVE-2026-22184

Federation Bot

@Federation_Bot replied · 4 days ago

@cR0w brb I'll just update the _gazillion_ embedded zlib libraries in ... EVERYTHING

cR0w h0 h0

@cR0w@infosec.exchange replied · 4 days ago

@troed Yeah, I tried to not overhype it because IDK what all versions are where, but it's all over the place. It could be an interesting one to watch for sure.

dch :flantifa: :flan_hacker:

@dch@bsd.network replied · 4 days ago

@cR0w they‘ll be digging fragments of zlib out of our graves @troed

Federation Bot

@Federation_Bot replied · 4 days ago

@cR0w brb I'll just update the _gazillion_ embedded zlib libraries in ... EVERYTHING

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.1-beta.22 no JS en

Automatic federation enabled