CVE-2026-22184: zlib <= 1.3.1.2 untgz Global Buffer Overflow in TGZfname()

Overview

Severity

Critical (CVSS 9.8)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Status

Not Exploited

Patch Tuesday

2026-Jan

Released

2026-01-09

Last Updated

2026-01-12

EPSS Score

0.02% (percentile: 4.2%)

Affected Products (31)

Open Source Software

• azl3 ceph 18.2.2-12 on Azure Linux 3.0
• azl3 crash 9.0.0-1 on Azure Linux 3.0
• cbl2 binutils 2.37-19 on CBL Mariner 2.0
• azl3 python-tensorboard 2.16.2-6 on Azure Linux 3.0
• cbl2 nmap 7.93-3 on CBL Mariner 2.0
• azl3 rubygem-mini_portile2 2.8.4-1 on Azure Linux 3.0
• cbl2 rubygem-mini_portile2 2.8.0-1 on CBL Mariner 2.0
• cbl2 rust 1.72.0-11 on CBL Mariner 2.0
• cbl2 tensorflow 2.11.1-2 on CBL Mariner 2.0
• azl3 binutils 2.41-10 on Azure Linux 3.0
• azl3 boost 1.83.0-2 on Azure Linux 3.0
• azl3 gdb 13.2-6 on Azure Linux 3.0
• cbl2 boost 1.76.0-4 on CBL Mariner 2.0
• cbl2 ceph 16.2.10-11 on CBL Mariner 2.0
• cbl2 cloud-hypervisor 32.0-7 on CBL Mariner 2.0
• cbl2 crash 8.0.1-5 on CBL Mariner 2.0
• cbl2 gcc 11.2.0-9 on CBL Mariner 2.0
• cbl2 gdb 11.2-10 on CBL Mariner 2.0
• cbl2 keras 2.11.0-3 on CBL Mariner 2.0
• cbl2 python-tensorboard 2.11.0-3 on CBL Mariner 2.0
• azl3 rust 1.75.0-22 on Azure Linux 3.0
• azl3 rust 1.86.0-10 on Azure Linux 3.0

Mariner

• azl3 gcc 13.2.0-7 on Azure Linux 3.0
• cbl2 grpc 1.42.0-11 on CBL Mariner 2.0
• azl3 nmap 7.95-2 on Azure Linux 3.0
• azl3 tcl 8.6.13-3 on Azure Linux 3.0
• azl3 zlib 1.3.1-1 on Azure Linux 3.0
• azl3 grpc 1.62.3-1 on Azure Linux 3.0
• azl3 tensorflow 2.16.1-9 on Azure Linux 3.0
• cbl2 tcl 8.6.13-3 on CBL Mariner 2.0
• cbl2 zlib 1.2.13-2 on CBL Mariner 2.0

Revision History

• 2026-01-09: Information published.
• 2026-01-11: Information published.
• 2026-01-12: Information published.