JLSEC-2026-480

See a problem?
Please try reporting it to the source first.

Source

https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-480.md

Import Source

https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-480.json

JSON Data

https://api.osv.dev/v1/vulns/JLSEC-2026-480

Upstream

CVE-2026-27171

EUVD-2026-8063

GHSA-h858-mf2m-8jf4

Published

2026-05-07T17:36:47.122Z

Modified

2026-06-08T14:15:04.486662784Z

Severity

2.9 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because...

Details

zlib before 1.3.2 allows CPU consumption via crc32combine64 and crc32combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.

Database specific

{
    "sources": [
        {
            "modified": "2026-03-25T21:27:04.603Z",
            "database_specific": {
                "status": "Analyzed"
            },
            "published": "2026-02-18T04:16:01.263Z",
            "id": "CVE-2026-27171",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-27171",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171",
            "imported": "2026-06-08T13:56:00.710Z"
        },
        {
            "modified": "2026-02-18T06:30:19Z",
            "id": "GHSA-h858-mf2m-8jf4",
            "published": "2026-02-18T06:30:18Z",
            "html_url": "https://github.com/advisories/GHSA-h858-mf2m-8jf4",
            "url": "https://api.github.com/advisories/GHSA-h858-mf2m-8jf4",
            "imported": "2026-06-08T13:56:03.761Z"
        },
        {
            "modified": "2026-02-18T13:38:55Z",
            "published": "2026-02-18T02:36:19Z",
            "id": "EUVD-2026-8063",
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-8063",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-8063",
            "imported": "2026-06-08T13:56:02.020Z"
        }
    ],
    "license": "CC-BY-4.0"
}

References

Affected packages

Julia / Openresty_jll

Package

Name: Openresty_jll
Purl: pkg:julia/Openresty_jll?uuid=87da34d4-7b1b-5a94-8376-8cb65bf3132c

Affected ranges

Type: SEMVER
Events: Introduced

1.21.4+0

Fixed

1.29.203+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-480.json"

Julia / Zlib_jll

Package

Name: Zlib_jll
Purl: pkg:julia/Zlib_jll?uuid=83775a58-1f1d-513f-b197-d71354ab007a

Affected ranges

Type: SEMVER
Events: Introduced

1.2.12+3

Fixed

1.3.2+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-480.json"

Julia / fmusim_jll

Package

Name: fmusim_jll
Purl: pkg:julia/fmusim_jll?uuid=76f9bd7a-1c05-5050-ae3f-1be9af76d548

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.0.39001+0

Database specific

source

"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-480.json"