CVE-2023-6992

CVSS V2 None CVSS V3 None

Description

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.

Overview

CVE ID
CVE-2023-6992

Assigner
cloudflare

Vulnerability Status
PUBLISHED

Published Version
2024-01-04T11:11:07.558Z

Last Modified Date
2024-01-04T11:14:15.933Z

Weakness Enumerations

CWE	URL
CWE-20	http://cwe.mitre.org/data/definitions/20.html
CWE-122	http://cwe.mitre.org/data/definitions/122.html
CWE-126	http://cwe.mitre.org/data/definitions/126.html

References

Reference URL	Reference Tags
https://github.com/cloudflare/zlib	product
https://github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqh	vendor-advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-6992
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6992

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 07:14:23				Added to TrackCVE