Vulnerability Description
Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloudflare | Zlib | < 2023-11-16 |
Related Weaknesses (CWE)
References
- https://github.com/cloudflare/zlibProduct
- https://github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqhPatchThird Party Advisory
- https://github.com/cloudflare/zlibProduct
- https://github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqhPatchThird Party Advisory
FAQ
What is CVE-2023-6992?
CVE-2023-6992 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validati...
How severe is CVE-2023-6992?
CVE-2023-6992 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6992?
Check the references section above for vendor advisories and patch information. Affected products include: Cloudflare Zlib.