History: Jan 04, 2024 - 12:15 p.m.

CVE-2023-6992

2024-01-04 12:15:23
CWE-787
CWE-126
CWE-122
CWE-20
cloudflare
web.nvd.nist.gov
cloudflare
zlib
vulnerability
local attacker
denial of service
cve-2023-6992
nvd

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0
Percentile: 5.1%

The Cloudflare version of the zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and a heap-based buffer overflow.
A local attacker could exploit the problem during compression by using a crafted malicious file, potentially leading to denial of service of the software.
Patches: The issue has been patched in commit 8352d10 (https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c). The upstream repository is not affected.

Affected configurations

Nvd
Node
cloudflare zlib, Range: <2023-11-16

Vendor      Product  Version  CPE
cloudflare  zlib     *        cpe:2.3:a:cloudflare:zlib:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "zlib",
    "platforms": [
      "C"
    ],
    "product": "zlib",
    "repo": "https://github.com/cloudflare/zlib",
    "vendor": "Cloudflare",
    "versions": [
      {
        "lessThan": "8352d10",
        "status": "affected",
        "version": "0",
        "versionType": "git"
      }
    ]
  }
]
