Lucene search

[email protected]NVD:CVE-2023-6992

HistoryJan 04, 2024 - 12:15 p.m.

CVE-2023-6992

2024-01-0412:15:23

CWE-20

CWE-122

CWE-126

CWE-787

[email protected]

web.nvd.nist.gov

cloudflare

memory corruption

zlib

vulnerability

denial of service

patch

commit

github

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

4.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow.
A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software.
Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.

Affected configurations

Nvd

Node

cloudflarezlibRange<2023-11-16

VendorProductVersionCPE
cloudflarezlib*cpe:2.3:a:cloudflare:zlib:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cloudflare	zlib	*	cpe:2.3:a:cloudflare:zlib::::::::

References

github.com/cloudflare/zlib

github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqh

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

4.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-6992

cvelist1 prion1 osv1 alpinelinux1 vulnrichment1 cve1