cvelist / Cloudflare / CVELIST:CVE-2023-6992
History: Jan 04, 2024 - 11:11 a.m.

CVE-2023-6992 Memory corruption issues in Cloudflare zlib implementation

2024-01-04 11:11:07
CWE-122
CWE-126
CWE-20
cloudflare
www.cve.org
3
cloudflare
zlib
memory corruption
heap-based buffer overflow
denial of service
patch
commit 8352d10

CVSS3: 4

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

EPSS: 0
Percentile: 5.1%

The Cloudflare version of the zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and a heap-based buffer overflow.
A local attacker could exploit the problem during compression using a crafted malicious file, potentially leading to denial of service of the software.
Patches: The issue has been patched in commit 8352d10 (https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c). The upstream repository is not affected.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "zlib",
    "platforms": [
      "C"
    ],
    "product": "zlib",
    "repo": "https://github.com/cloudflare/zlib",
    "vendor": "Cloudflare",
    "versions": [
      {
        "lessThan": "8352d10",
        "status": "affected",
        "version": "0",
        "versionType": "git"
      }
    ]
  }
]
