CVE-2026-22184

9.8 CRITICAL

📋 TL;DR

This CVE describes a global buffer overflow in zlib's untgz utility, triggered when it processes an excessively long archive name passed on the command line. The vulnerability allows arbitrary code execution, but it affects only the standalone demonstration utility, not the core zlib compression library. Systems that have the untgz utility installed and run it on untrusted input are affected.

💻 Affected Systems

Products:
  • zlib
Versions: zlib versions up to and including 1.3.1.2
Operating Systems: All operating systems where zlib with untgz utility is installed
Default Config Vulnerable: ✅ No
Notes: Only affects the standalone untgz utility in the contrib/ directory, not the core zlib library. Many distributions do not ship untgz by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the user running untgz, potentially leading to full system compromise if executed with elevated privileges.

🟠 Likely Case: Local privilege escalation or denial of service when untrusted users can supply archive names to untgz commands.

🟢 If Mitigated: Limited impact if untgz is not installed or not executed with untrusted input, as the vulnerability requires user interaction.

🌐 Internet-Facing: LOW - untgz is typically not exposed to internet-facing services and requires command-line execution.
🏢 Internal Only: MEDIUM - Internal users with access to execute untgz with untrusted input could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a user to run untgz on malicious input. A public proof-of-concept exists in the disclosure references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: zlib 1.3.1.3 and later

Vendor Advisory: https://github.com/madler/zlib/issues/1142

Restart Required: No

Instructions:

1. Update zlib to version 1.3.1.3 or later.
2. For source installations: download the latest version from zlib.net and recompile.
3. For package managers: use the system update commands (apt update && apt upgrade zlib1g, yum update zlib, etc.).

🔧 Temporary Workarounds

Remove untgz utility (all platforms)

Remove or disable the vulnerable untgz binary, since it is a demonstration utility that is not required for core functionality.

rm /usr/bin/untgz
rm /usr/local/bin/untgz

Restrict untgz execution (all platforms)

Remove execute permissions from, or otherwise restrict access to, the untgz utility.

chmod -x /usr/bin/untgz
chmod 000 /usr/bin/untgz

🧯 If You Can't Patch

  • Remove or disable the untgz utility entirely
  • Implement strict input validation and avoid passing untrusted archive names to untgz

🔍 How to Verify

Check if Vulnerable:

Check that untgz is present and that the zlib runtime version is <= 1.3.1.2 (Python's zlib module reports the version of the zlib library it is linked against): command -v untgz && python3 -c 'import zlib; print(zlib.ZLIB_RUNTIME_VERSION)'

Check Version:

python3 -c 'import zlib; print(zlib.ZLIB_RUNTIME_VERSION)' 2>/dev/null || echo 'python3 zlib module not found'

Verify Fix Applied:

Verify the zlib version is >= 1.3.1.3 using natural version ordering (so 1.3.1.10, 1.3.2 and 1.4 also pass): v=$(python3 -c 'import zlib; print(zlib.ZLIB_RUNTIME_VERSION)') && [ "$(printf '%s\n' 1.3.1.3 "$v" | sort -V | head -n 1)" = 1.3.1.3 ] && echo fixed || echo 'vulnerable or unknown'
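The verification steps above as one reusable script, added here as an example that is not part of the advisory or of zlib itself. It assumes python3 is installed (its zlib module exposes the linked library's runtime version), that sort supports -V, and that the fixed release is 1.3.1.3 as stated above; a digit-class grep cannot order versions such as 1.3.1.10 correctly, which is why the comparison uses sort -V.

```shell
#!/bin/sh
# Added example, not from the advisory: check a host for CVE-2026-22184 exposure.
# Assumes python3 (zlib.ZLIB_RUNTIME_VERSION) and a sort that supports -V.
# The fixed release below is the one the advisory states.

FIXED_VERSION="1.3.1.3"

# version_ge A B: exit 0 when A >= B in natural version order
# (1.3.1.2 < 1.3.1.3 < 1.3.1.10 < 1.3.2 < 1.4).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# zlib_fixed VERSION: exit 0 when VERSION is at or above the fixed release.
zlib_fixed() {
    version_ge "$1" "$FIXED_VERSION"
}

# runtime_zlib_version: print the zlib version python3 is linked against, or nothing.
runtime_zlib_version() {
    python3 -c 'import zlib; print(zlib.ZLIB_RUNTIME_VERSION)' 2>/dev/null || true
}

# find_untgz: print every untgz binary found on PATH or in the usual prefixes.
find_untgz() {
    {
        command -v untgz 2>/dev/null || true
        for f in /usr/bin/untgz /usr/local/bin/untgz; do
            [ -x "$f" ] && printf '%s\n' "$f"
        done
    } | sort -u
}

# assess: print one line, VULNERABLE / FIXED / NOT_APPLICABLE / UNKNOWN, and exit 0.
assess() {
    bins=$(find_untgz)
    [ -n "$bins" ] || { echo "NOT_APPLICABLE: no untgz binary found"; return 0; }
    v=$(runtime_zlib_version)
    [ -n "$v" ] || { echo "UNKNOWN: zlib version unreadable; untgz at: $bins"; return 0; }
    if zlib_fixed "$v"; then
        echo "FIXED: zlib $v >= $FIXED_VERSION; untgz at: $bins"
    else
        echo "VULNERABLE: zlib $v < $FIXED_VERSION; untgz at: $bins"
    fi
}

assess
```

Because untgz is built from the zlib source tree, the library version is a proxy: a binary compiled from an older tree stays vulnerable even after the shared library is updated, so a stale untgz should be rebuilt or removed regardless of the reported version.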

📡 Detection & Monitoring

Log Indicators:

  • Execution of untgz with unusually long command-line arguments
  • Process crashes of untgz with segmentation faults

Network Indicators:

  • No network indicators as this is a local utility

SIEM Query:

process.name:"untgz" AND (cmdline.length > 256 OR exit_code:139)
