{"id":9808,"date":"2026-01-12T10:03:37","date_gmt":"2026-01-12T10:03:37","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/01\/12\/critical-zlib-vulnerability-let-attackers-trigger-buffer-overflow-by-invoking-untgz\/"},"modified":"2026-01-12T10:03:37","modified_gmt":"2026-01-12T10:03:37","slug":"critical-zlib-vulnerability-let-attackers-trigger-buffer-overflow-by-invoking-untgz","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/01\/12\/critical-zlib-vulnerability-let-attackers-trigger-buffer-overflow-by-invoking-untgz\/","title":{"rendered":"Critical Zlib Vulnerability Let Attackers Trigger Buffer Overflow by Invoking untgz"},"content":{"rendered":"<p>    Critical Zlib Vulnerability Let Attackers Trigger Buffer Overflow by Invoking untgz<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>A severe global <a href=\"https:\/\/cybersecuritynews.com\/what-is-buffer-overflow\/\" target=\"_blank\" rel=\"noreferrer noopener\">buffer overflow vulnerability<\/a> has been discovered in the zlib untgz utility version 1.3.1.2. Allowing attackers to corrupt memory and potentially execute malicious code through specially crafted command-line input.\u200b<\/p>\n<p>The security flaw resides in the TGZfname() function of the untgz utility, where an unbounded strcpy() call processes user-supplied archive names without any length validation.<\/p>\n<p>The vulnerability occurs when the utility copies attacker-controlled input from the command line into a fixed-size static global buffer of only 1,024 bytes.\u200b<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-technical-details\"><strong>Technical Details<\/strong><\/h2>\n<p>The root cause stems from poor input handling: the archive name is derived directly from the argv[] parameters and copied into a global static array without bounds checking.<\/p>\n<p>This overflow occurs immediately upon function entry, before any archive parsing or validation. Making the vulnerability trivially exploitable through command-line arguments alone.\u200b<\/p>\n<figure class=\"wp-block-table is-style-stripes\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th>Attribute<\/th>\n<th>Details<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>CVE ID<\/td>\n<td>Not yet assigned<\/td>\n<\/tr>\n<tr>\n<td>Affected Software<\/td>\n<td>zlib untgz utility<\/td>\n<\/tr>\n<tr>\n<td>Affected Version<\/td>\n<td>v1.3.1.2<\/td>\n<\/tr>\n<tr>\n<td>Vulnerability Type<\/td>\n<td>Global Buffer Overflow<\/td>\n<\/tr>\n<tr>\n<td>CWE<\/td>\n<td>\n<a href=\"https:\/\/cybersecuritynews.com\/mitre-releases-top-25-most-dangerous-software\/\" target=\"_blank\" rel=\"noreferrer noopener\">CWE-120<\/a> (Buffer Copy without Checking Size of Input)<\/td>\n<\/tr>\n<tr>\n<td>Attack Vector<\/td>\n<td>Command-line input<\/td>\n<\/tr>\n<tr>\n<td>Impact<\/td>\n<td>Denial of Service, Memory Corruption, Potential Code Execution<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p><span style=\"box-sizing: border-box; margin: 0px; padding: 0px;\">Security researchers demonstrated that supplying an archive name exceeding 1,024 bytes triggers an\u00a0<a href=\"https:\/\/cybersecuritynews.com\/out-of-bounds-read-and-write\/\" target=\"_blank\" rel=\"noopener\">out-of-bounds\u00a0<\/a>write past the buffer\u2019s end, leading to\u00a0memory corruption.<\/span><\/p>\n<p>The potential impacts include <a href=\"https:\/\/cybersecuritynews.com\/multiple-django-vulnerabilities\/\" target=\"_blank\" rel=\"noreferrer noopener\">denial-of-service<\/a> crashes, corruption of adjacent global memory objects, and undefined behavior.<\/p>\n<p>More critically, depending on compiler settings, system architecture, build flags, and memory layout, attackers may be able to execute code.\u200b<\/p>\n<p>Researchers successfully <a href=\"https:\/\/seclists.org\/fulldisclosure\/2026\/Jan\/3\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">triggered<\/a> the vulnerability using AddressSanitizer (ASAN) by invoking untgz with a 4,096-byte filename argument.<\/p>\n<p>The ASAN output confirmed a global buffer overflow caused by a write of 2,001 bytes to the vulnerable memory address.\u200b<\/p>\n<p>Because the overflow affects global memory rather than <a href=\"https:\/\/cybersecuritynews.com\/windows-update-stack-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">stack memory<\/a>, the corruption persists beyond the function scope and can influence subsequent program behavior.<\/p>\n<p>The vulnerability requires no special privileges and has low attack complexity, making it particularly dangerous for systems using the affected zlib untgz utility.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 94%,rgb(169,184,195) 100%)\"><strong>Follow us on <a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google News<\/a>, <a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>, and <a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">X<\/a> for daily cybersecurity updates. <a href=\"https:\/\/cybersecuritynews.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Contact us<\/a> to feature your stories.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/zlib-buffer-overflow-vulnerability\/\">Critical Zlib Vulnerability Let Attackers Trigger Buffer Overflow by Invoking untgz<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Abinaya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/zlib-buffer-overflow-vulnerability\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Critical Zlib Vulnerability Let Attackers Trigger Buffer Overflow by Invoking untgz A severe global buffer overflow vulnerability has been discovered in the zlib untgz utility version 1.3.1.2. Allowing attackers to corrupt memory and potentially execute malicious code through specially crafted command-line input.\u200b The security flaw resides in the TGZfname() function of the untgz utility, where [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648],"tags":[130],"class_list":["post-9808","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9808"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=9808"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/9808\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=9808"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=9808"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=9808"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}