Memory corruption issues is Cloudflare zlib implementation
CVE-2023-6992

4MEDIUM

Key Information:

Vendor: Cloudflare
Status: Zlib
Vendor: CVE Published:; 4 January 2024

What is CVE-2023-6992?

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.

Affected Version(s)

zlib C 0 < 8352d10

References

https://github.com/cloudflare/zlib

product

https://github.com/cloudflare/zlib/security/advisories/GH...

vendor-advisory

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 4, 2024
Vulnerability Reserved
Dec 20, 2023

Credit

Martin Schwarzl