Home > Vulnerability Database > CVE-2023-6992

Mend.io Vulnerability Database

CVE-2023-6992

Date: January 4, 2024

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.

Language: C

Severity Score

4.0

Related Resources (4)

Url: https://github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqh

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-6992

Url: https://github.com/cloudflare/zlib

Url: https://www.mend.io/vulnerability-database/CVE-2023-6992

Severity Score

4.0

Weakness Type (CWE)

Input Validation

CWE-20

Out-of-bounds Write

CWE-787

Buffer Over-read

CWE-126

Heap-based Buffer Overflow

CWE-122

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-6992

Date: January 4, 2024

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?