CVE-2023-6992

MEDIUM EPSS 14.4%
Published Jan 4, 20242y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Jan 4, 2024 2y ago
Last Modified Jun 17, 2026 1w ago

Description

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
14.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 4

CWE-122
CWE-126
CWE-20 Improper Input Validation Validation
CWE-787 Out-of-bounds Write Memory Safety

Affected Products 1

VendorProductVersionRange
cloudflarezlib* <2023-11-16

References 2

  • github.com https://github.com/cloudflare/zlib
    Product
  • github.com https://github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqh
    PatchThird Party Advisory

Remediation

  • github.com https://github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqh
    PatchThird Party Advisory