UBUNTU-CVE-2026-4176

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-4176

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4176.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-4176

Upstream

CVE-2026-4176

Published

2026-03-29T21:16:00Z

Modified

2026-04-22T16:32:51.499994Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.

References

Affected packages

Ubuntu:Pro:14.04:LTS / perl

Package

Name: perl
Purl: pkg:deb/ubuntu/perl@5.18.2-2ubuntu1.7+esm5?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.14.2-21build1

5.18.1-4

5.18.1-4build1

5.18.1-5

5.18.2-2

5.18.2-2ubuntu1

5.18.2-2ubuntu1.1

5.18.2-2ubuntu1.3

5.18.2-2ubuntu1.4

5.18.2-2ubuntu1.6

5.18.2-2ubuntu1.7

5.18.2-2ubuntu1.7+esm3

5.18.2-2ubuntu1.7+esm4

5.18.2-2ubuntu1.7+esm5

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.18.2-2ubuntu1.7+esm5",
            "binary_name": "libcgi-fast-perl"
        },
        {
            "binary_version": "5.18.2-2ubuntu1.7+esm5",
            "binary_name": "libperl5.18"
        },
        {
            "binary_version": "5.18.2-2ubuntu1.7+esm5",
            "binary_name": "perl"
        },
        {
            "binary_version": "5.18.2-2ubuntu1.7+esm5",
            "binary_name": "perl-base"
        },
        {
            "binary_version": "5.18.2-2ubuntu1.7+esm5",
            "binary_name": "perl-debug"
        },
        {
            "binary_version": "5.18.2-2ubuntu1.7+esm5",
            "binary_name": "perl-modules"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4176.json"

Ubuntu:Pro:16.04:LTS / perl

Package

Name: perl
Purl: pkg:deb/ubuntu/perl@5.22.1-9ubuntu0.9+esm2?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.20.2-6

5.22.1-3

5.22.1-4

5.22.1-5

5.22.1-7

5.22.1-8

5.22.1-9

5.22.1-9ubuntu0.2

5.22.1-9ubuntu0.3

5.22.1-9ubuntu0.5

5.22.1-9ubuntu0.6

5.22.1-9ubuntu0.9

5.22.1-9ubuntu0.9+esm1

5.22.1-9ubuntu0.9+esm2

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.22.1-9ubuntu0.9+esm2",
            "binary_name": "libperl5.22"
        },
        {
            "binary_version": "5.22.1-9ubuntu0.9+esm2",
            "binary_name": "perl"
        },
        {
            "binary_version": "5.22.1-9ubuntu0.9+esm2",
            "binary_name": "perl-base"
        },
        {
            "binary_version": "5.22.1-9ubuntu0.9+esm2",
            "binary_name": "perl-debug"
        },
        {
            "binary_version": "5.22.1-9ubuntu0.9+esm2",
            "binary_name": "perl-modules-5.22"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4176.json"

Ubuntu:18.04:LTS / perl

Package

Name: perl
Purl: pkg:deb/ubuntu/perl@5.26.1-6ubuntu0.7?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.26.0-8ubuntu1

5.26.1-2ubuntu1

5.26.1-3

5.26.1-4

5.26.1-4build1

5.26.1-5

5.26.1-6

5.26.1-6ubuntu0.1

5.26.1-6ubuntu0.2

5.26.1-6ubuntu0.3

5.26.1-6ubuntu0.5

5.26.1-6ubuntu0.6

5.26.1-6ubuntu0.7

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.26.1-6ubuntu0.7",
            "binary_name": "libperl5.26"
        },
        {
            "binary_version": "5.26.1-6ubuntu0.7",
            "binary_name": "perl"
        },
        {
            "binary_version": "5.26.1-6ubuntu0.7",
            "binary_name": "perl-base"
        },
        {
            "binary_version": "5.26.1-6ubuntu0.7",
            "binary_name": "perl-debug"
        },
        {
            "binary_version": "5.26.1-6ubuntu0.7",
            "binary_name": "perl-modules-5.26"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4176.json"

Ubuntu:20.04:LTS / perl

Package

Name: perl
Purl: pkg:deb/ubuntu/perl@5.30.0-9ubuntu0.5?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.28.1-6build1

5.30.0-7

5.30.0-9

5.30.0-9build1

5.30.0-9ubuntu0.2

5.30.0-9ubuntu0.3

5.30.0-9ubuntu0.4

5.30.0-9ubuntu0.5

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.30.0-9ubuntu0.5",
            "binary_name": "libperl5.30"
        },
        {
            "binary_version": "5.30.0-9ubuntu0.5",
            "binary_name": "perl"
        },
        {
            "binary_version": "5.30.0-9ubuntu0.5",
            "binary_name": "perl-base"
        },
        {
            "binary_version": "5.30.0-9ubuntu0.5",
            "binary_name": "perl-debug"
        },
        {
            "binary_version": "5.30.0-9ubuntu0.5",
            "binary_name": "perl-modules-5.30"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-4176.json"