CVE-2026-4176

Name
CVE-2026-4176
Description
Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
9b29abf9-4ab0-4765-b253-1875cd9b441e https://github.com/Perl/perl5/commit/c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94
9b29abf9-4ab0-4765-b253-1875cd9b441e https://lists.security.metacpan.org/cve-announce/msg/37638919/
9b29abf9-4ab0-4765-b253-1875cd9b441e https://metacpan.org/release/PMQS/Compress-Raw-Zlib-2.221/source/Changes
9b29abf9-4ab0-4765-b253-1875cd9b441e https://metacpan.org/release/SHAY/perl-5.40.4/changes
9b29abf9-4ab0-4765-b253-1875cd9b441e https://metacpan.org/release/SHAY/perl-5.42.2/changes
9b29abf9-4ab0-4765-b253-1875cd9b441e https://www.cve.org/CVERecord?id=CVE-2026-3381
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2026/03/30/2

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* perl >= 5.9.4 < 5.40.4
cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* perl >= 5.41.0 < 5.42.2
cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* perl >= 5.43.0 < 5.43.9

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
perl edge-main 5.42.2-r0 None fixed
perl edge-main 5.42.1-r0 None possibly vulnerable
perl edge-main 5.42.0_rc3-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
perl edge-main 5.42.0_rc2-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
perl edge-main 5.42.0-r1 None possibly vulnerable
perl edge-main 5.42.0-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
perl edge-main 5.40.2-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
perl edge-main 5.40.1-r1 Celeste <cielesti@protonmail.com> possibly vulnerable
perl edge-main 5.40.1-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
perl edge-main 5.40.0-r3 Celeste <cielesti@protonmail.com> possibly vulnerable
perl edge-main 5.38.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
perl edge-main 5.34.0-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
perl edge-main 5.30.3-r0 None possibly vulnerable
perl edge-main 5.26.3-r0 None possibly vulnerable
perl edge-main 5.26.2-r1 None possibly vulnerable
perl edge-main 5.26.2-r0 None possibly vulnerable
perl edge-main 5.26.1-r0 None possibly vulnerable
perl 3.23-main 5.42.1-r0 Celeste <cielesti@protonmail.com> fixed
perl 3.23-main 5.42.0-r0 Celeste <cielesti@protonmail.com> fixed
perl 3.22-main 5.40.3-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
perl 3.22-main 5.40.2-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
perl 3.22-main 5.40.1-r1 None possibly vulnerable
perl 3.22-main 5.38.1-r0 None possibly vulnerable
perl 3.22-main 5.34.0-r1 None possibly vulnerable
perl 3.22-main 5.30.3-r0 None possibly vulnerable
perl 3.22-main 5.26.3-r0 None possibly vulnerable
perl 3.22-main 5.26.2-r1 None possibly vulnerable
perl 3.22-main 5.26.2-r0 None possibly vulnerable
perl 3.22-main 5.26.1-r0 None possibly vulnerable
perl 3.21-main 5.40.3-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
perl 3.21-main 5.40.1-r1 Celeste <cielesti@protonmail.com> possibly vulnerable
perl 3.21-main 5.40.1-r0 Celeste <cielesti@protonmail.com> possibly vulnerable
perl 3.21-main 5.40.0-r3 Celeste <cielesti@protonmail.com> possibly vulnerable
perl 3.21-main 5.38.1-r0 None possibly vulnerable
perl 3.21-main 5.34.0-r1 None possibly vulnerable
perl 3.21-main 5.30.3-r0 None possibly vulnerable
perl 3.21-main 5.26.3-r0 None possibly vulnerable
perl 3.21-main 5.26.2-r1 None possibly vulnerable
perl 3.21-main 5.26.2-r0 None possibly vulnerable
perl 3.21-main 5.26.1-r0 None possibly vulnerable
perl 3.20-main 5.38.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
perl 3.20-main 5.38.3-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
perl 3.20-main 5.38.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
perl 3.20-main 5.38.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
perl 3.20-main 5.38.1-r0 None possibly vulnerable
perl 3.20-main 5.34.0-r1 None possibly vulnerable
perl 3.20-main 5.30.3-r0 None possibly vulnerable
perl 3.20-main 5.26.3-r0 None possibly vulnerable
perl 3.20-main 5.26.2-r1 None possibly vulnerable
perl 3.20-main 5.26.2-r0 None possibly vulnerable
perl 3.20-main 5.26.1-r0 None possibly vulnerable
perl 3.19-main 5.38.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
perl 3.19-main 5.38.3-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
perl 3.19-main 5.38.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
perl 3.19-main 5.38.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
perl 3.19-main 5.38.1-r0 None possibly vulnerable
perl 3.19-main 5.34.0-r1 None possibly vulnerable
perl 3.19-main 5.30.3-r0 None possibly vulnerable
perl 3.19-main 5.26.3-r0 None possibly vulnerable
perl 3.19-main 5.26.2-r1 None possibly vulnerable
perl 3.19-main 5.26.2-r0 None possibly vulnerable
perl 3.19-main 5.26.1-r0 None possibly vulnerable