AikidoSec · sampion88 · Mar 5, 2026 · Mar 5, 2026 · Mar 5, 2026
diff --git a/vulnerabilities/AIKIDO-2026-10288.json b/vulnerabilities/AIKIDO-2026-10288.json
@@ -0,0 +1,36 @@
+{
+  "package_name": "zlib",
+  "patch_versions": [
+    "3.0.1",
+    "3.1.2",
+    "3.2.3"
+  ],
+  "vulnerable_ranges": [
+    [
+      "0.0.1",
+      "3.0.0"
+    ],
+    [
+      "3.1.0",
+      "3.1.2"
+    ],
+    [
+      "3.2.0",
+      "3.2.2"
+    ]
+  ],
+  "cwe": [
+    "CWE-120"
+  ],
+  "tldr": "Affected versions of the `zlib` gem are vulnerable to a buffer overflow in `Zlib::GzipReader`. The `zstream_buffer_ungets` function prepends caller-provided bytes to an existing output buffer but does not ensure that the underlying Ruby string has sufficient capacity before shifting existing data with `memmove`. This can lead to a buffer overflow and memory corruption when the buffer length exceeds its allocated capacity.",
+  "doest_this_affect_me": "You are affected if you are using a version that falls within the vulnerable range.",
+  "how_to_fix": "Upgrade the `zlib` library to the patch version.",
+  "vulnerable_to": "Buffer Overflow",
+  "related_cve_id": "CVE-2026-27820",
+  "language": "RUBY",
+  "severity_class": "HIGH",
+  "aikido_score": 80,
+  "changelog": "https://github.com/ruby/zlib/releases/tag/v3.2.3",
+  "last_modified": "2026-03-05",
+  "published": "2026-03-05"
+}