CVE-2026-3381: Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib
Timothy Legge, 05 Mar 2026 01:29 UTC

========================================================================
CVE-2026-3381                                        CPAN Security Group
========================================================================

         CVE ID:  CVE-2026-3381
   Distribution:  Compress-Raw-Zlib
       Versions:  through 2.219

       MetaCPAN:  https://metacpan.org/dist/Compress-Raw-Zlib
       VCS Repo:  https://github.com/pmqs/Compress-Raw-Zlib

Compress::Raw::Zlib versions through 2.219 for Perl use potentially
insecure versions of zlib

Description
-----------
Compress::Raw::Zlib versions through 2.219 for Perl use potentially
insecure versions of zlib.

Compress::Raw::Zlib includes a copy of the zlib library.
Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses
findings from the 7ASecurity audit of zlib. This includes fixes for
CVE-2026-27171.

Problem types
-------------
- CWE-1395 Dependency on Vulnerable Third-Party Component

Solutions
---------
Upgrade to Compress::Raw::Zlib 2.220 or later.
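
One way to check a host against this advisory (an added example, not part of the advisory or of the Compress-Raw-Zlib project): the script asks each Perl interpreter which Compress::Raw::Zlib version it loads and which zlib version that build reports through zlib_version(), then compares both with the fixed versions named above. The function names and verdict labels are made up for this example, and the CHECK-ZLIB case assumes a local build linked against a zlib other than the bundled copy, which the advisory does not discuss.

```shell
#!/bin/sh
# Added example: triage a host for CVE-2026-3381. Thresholds are from the advisory.
FIXED_MODULE=2.220   # first fixed Compress::Raw::Zlib release
FIXED_ZLIB=1.3.2     # zlib release that 2.220 includes

# mod_ge A B: Perl decimal versions compare as numbers (2.219 < 2.220).
mod_ge() { awk -v a="$1" -v b="$2" 'BEGIN { exit !(a + 0 >= b + 0) }'; }

# zlib_ge A B: dotted versions compare field by field; a field with a
# non-numeric tag (for example "1.3.1.1-motley") counts by its leading digits.
zlib_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        for (i = 1; i <= (na > nb ? na : nb); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# classify MODULE_VERSION ZLIB_VERSION: print a verdict, return 1 if action is needed.
classify() {
    if ! mod_ge "$1" "$FIXED_MODULE"; then
        echo "AFFECTED module=$1 zlib=$2"; return 1      # in the advisory's range
    elif ! zlib_ge "$2" "$FIXED_ZLIB"; then
        echo "CHECK-ZLIB module=$1 zlib=$2"; return 1    # assumed: non-bundled zlib
    fi
    echo "OK module=$1 zlib=$2"
}

# audit_perl [PERL]: query one interpreter for the versions it actually loads.
audit_perl() {
    perl_bin=${1:-perl}
    vers=$("$perl_bin" -MCompress::Raw::Zlib -e \
        'print "$Compress::Raw::Zlib::VERSION ", Compress::Raw::Zlib::zlib_version()' \
        2>/dev/null) \
        || { echo "SKIP $perl_bin: Compress::Raw::Zlib not loadable"; return 0; }
    classify "${vers% *}" "${vers#* }"
}

# Check the interpreters named on the command line, or "perl" from PATH.
needs_action=0
for p in "${@:-perl}"; do audit_perl "$p" || needs_action=1; done
```

Hosts with several Perl installations (system Perl, perlbrew, application bundles) need one run per interpreter, since each has its own copy of the module.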

References
----------
https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes
https://www.zlib.net/
https://github.com/madler/zlib
https://github.com/madler/zlib/releases/tag/v1.3.2
https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/
https://www.cve.org/CVERecord?id=CVE-2026-27171

Timeline
--------
- 2026-02-17: zlib 1.3.2 released.
- 2026-02-27: Compress::Raw::Zlib 2.220 released.