## Critical zlib Vulnerability CVE-2026-22184 Patched in Docker Builds, Prevents Memory Corruption & Code Execution
A critical global buffer overflow vulnerability in zlib, tracked as CVE-2026-22184, has been patched across multiple Docker build configurations. The flaw resides in the `TGZfname()` function of zlib's untgz utility and can be triggered when processing an archive with a name exceeding 1024 bytes. Successful exploitation could lead to memory corruption, denial of service, or, most severely, arbitrary code execution on affected systems.

The fix was implemented by adding the command `apk --no-cache upgrade` to three core Dockerfiles: `Dockerfile`, `Dockerfile.cross`, and `Dockerfile.debug`. This ensures the underlying Alpine Linux packages, specifically zlib, are updated to a patched version during the image build process. The use of the `--no-cache` flag is a security hygiene measure to prevent cached repository indexes from being left in the final image layer, reducing the attack surface.

This proactive patching is a standard but critical step in secure software supply chain management. The vulnerability's potential for remote code execution makes it a high-priority fix for any system using the affected zlib version to unpack tar.gz archives. The associated test plan mandates verifying the upgrade step, confirming the patched zlib version is installed, running vulnerability scans, and ensuring application functionality remains intact post-patch.
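
The first item of that test plan, verifying the upgrade step, can be automated as a lint over the Dockerfiles. The script below is an added example, not the project's own code: the function names and sample Dockerfiles are constructed, and it assumes multi-stage builds, where only the final stage becomes the shipped image, so the `apk --no-cache upgrade` step must appear in that stage.

```shell
#!/bin/sh
# Added example: verify the upgrade step sits in the FINAL stage of a Dockerfile.
# In a multi-stage build only the last stage becomes the shipped image, so an
# upgrade that runs in an earlier stage leaves the runtime zlib unpatched.

final_stage_has_upgrade() {   # $1 = Dockerfile path; exit status 0 when present
    awk '
        /^[ \t]*#/ { next }   # comment lines, also legal inside a continuation
        { line = pending $0; pending = "" }
        line ~ /\\[ \t]*$/ {  # trailing backslash: keep joining the instruction
            sub(/\\[ \t]*$/, " ", line); pending = line; next
        }
        toupper(line) ~ /^[ \t]*FROM[ \t]/ { found = 0; next }  # new stage resets
        toupper(line) ~ /^[ \t]*RUN[ \t]/ &&
            line ~ /apk[ \t]+--no-cache[ \t]+upgrade/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

check_dockerfiles() {         # one verdict per file; non-zero if any file fails
    rc=0
    for f in "$@"; do
        if final_stage_has_upgrade "$f"; then
            echo "PASS  $f"
        else
            echo "FAIL  $f: no apk --no-cache upgrade in final stage"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inputs (not the project's real Dockerfiles).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/Dockerfile" <<'EOF'
FROM alpine AS build
RUN apk add --no-cache build-base
FROM alpine
# patch base packages first
RUN apk --no-cache upgrade && \
    apk add --no-cache ca-certificates
EOF
cat > "$demo_dir/Dockerfile.debug" <<'EOF'
FROM alpine AS build
RUN apk --no-cache upgrade
FROM alpine
RUN apk add --no-cache gdb
EOF
check_dockerfiles "$demo_dir/Dockerfile" "$demo_dir/Dockerfile.debug" || true
```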

---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: CVE-2026-22184, zlib, Docker, Vulnerability, Supply Chain Security
- **Credibility**: unverified
- **Published**: 2026-04-16 14:23:11
- **ID**: 67742
- **URL**: https://whisperx.ai/en/intel/67742