Vulnerability DatabaseCVE-2023-6992
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-6992
January 04, 2024
Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.
Related Resources (2)
https://github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqh
https://github.com/cloudflare/zlib
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.1
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
LOW
Weakness Type (CWE)
Improper Input Validation
CWE-20
Buffer Over-read
CWE-126
Out-of-bounds Write
CWE-787
Heap-based Buffer Overflow
CWE-122
EPSS
Base Score:
0.02