CVE-2023-6992 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-6992

CVE-2023-6992

Published:January 04, 2024

Updated:May 17, 2026

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.

Affected Packages

slamdunk (CONDA):

Affected version(s) >=0.3.2 <0.4.0

Fix Suggestion:

Update to version 0.4.0

bioconductor-netreg (CONDA):

Affected version(s) >=1.2.0 <1.13.1

Fix Suggestion:

Update to version 1.13.1

mentalist (CONDA):

Affected version(s) >=0.1.2 <0.2.3

Fix Suggestion:

Update to version 0.2.3

mentalist (CONDA):

Affected version(s) =0.2.4

Fix Suggestion:

Update to version no_fix

zlib_v140_xp (NUGET):

Affected version(s) >=1.2.8 <=1.2.8.1

Fix Suggestion:

Update to version no_fix

zlib_vc14_xp (NUGET):

Affected version(s) =1.2.8

Fix Suggestion:

Update to version no_fix

slamdunk (PYTHON):

Affected version(s) >=0.3.2 <0.4.0

Fix Suggestion:

Update to version 0.4.0

rttrust (RUST):

Affected version(s) =0.1.0 <0.1.1

Fix Suggestion:

Update to version 0.1.1

musix (RUST):

Affected version(s) >=0.1.0 <=0.2.1

Fix Suggestion:

Update to version no_fix

mozjs_sys (RUST):

Affected version(s) >=0.50.0 <0.60.0

Fix Suggestion:

Update to version 0.60.0

zlib-src-sys (RUST):

Affected version(s) >=0.0.1 <0.1.1

Fix Suggestion:

Update to version 0.1.1

namigator-sys (RUST):

Affected version(s) >=0.1.0 <=0.2.0

Fix Suggestion:

Update to version no_fix

jp2k (RUST):

Affected version(s) >=0.1.0 <0.3.0

Fix Suggestion:

Update to version 0.3.0

cloudflare-zlib (RUST):

Affected version(s) =0.2.3 <0.2.5

Fix Suggestion:

Update to version 0.2.5

blosc-sys (RUST):

Affected version(s) >=1.7.0 <1.14.2

Fix Suggestion:

Update to version 1.14.2

gdcm-rs (RUST):

Affected version(s) >=0.1.0 <=0.6.0

Fix Suggestion:

Update to version no_fix

zlib (RUST):

Affected version(s) =0.0.1

Fix Suggestion:

Update to version no_fix

libz-sys (RUST):

Affected version(s) >=0.1.4 <1.0.17

Fix Suggestion:

Update to version 1.0.17

gdcm_conv (RUST):

Affected version(s) >=0.1.1 <0.1.7

Fix Suggestion:

Update to version 0.1.7

tcod-sys (RUST):

Affected version(s) >=1.5.2 <=5.0.1

Fix Suggestion:

Update to version no_fix

hdf5 (RUST):

Affected version(s) >=0.6.0 <0.7.1

Fix Suggestion:

Update to version 0.7.1

synthizer-sys (RUST):

Affected version(s) >=0.8.0 <=0.10.10

Fix Suggestion:

Update to version no_fix

zlib-src-sys (RUST):

Affected version(s) =0.1.2

Fix Suggestion:

Update to version no_fix

assimp-sys (RUST):

Affected version(s) >=0.2.2 <=0.3.1

Fix Suggestion:

Update to version no_fix

openjpeg-sys (RUST):

Affected version(s) >=1.0.0 <1.0.11

Fix Suggestion:

Update to version 1.0.11

libgit2-sys (RUST):

Affected version(s) >=0.0.1 <0.7.3

Fix Suggestion:

Update to version 0.7.3

blosc-src (RUST):

Affected version(s) =0.1.0 <0.1.1

Fix Suggestion:

Update to version 0.1.1

cloudflare-zlib-sys (RUST):

Affected version(s) >=0.1.0 <0.3.3

Fix Suggestion:

Update to version 0.3.3

git (RUST):

Affected version(s) >=0.0.2 <0.3.0

Fix Suggestion:

Update to version 0.3.0

openjpeg2-sys (RUST):

Affected version(s) >=0.1.0 <=0.1.4

Fix Suggestion:

Update to version no_fix

nss (YOCTO):

Affected version(s) >=3.25 <3.50

Fix Suggestion:

Update to version 3.50

sudo (YOCTO):

Affected version(s) >=1.8.17p1 <1.8.31

Fix Suggestion:

Update to version 1.8.31

ghostscript (YOCTO):

Affected version(s) >=9.19 <9.50

Fix Suggestion:

Update to version 9.50

tcl (YOCTO):

Affected version(s) =8.6.6 <8.6.10

Fix Suggestion:

Update to version 8.6.10

ccache (YOCTO):

Affected version(s) >=3.2.5 <3.3.4

Fix Suggestion:

Update to version 3.3.4

Related Resources (2)

https://github.com/cloudflare/zlib

https://github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqh

Do you need more information?

CVSS v4

Base Score:

2.1

Attack Vector

LOCAL

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Weakness Type (CWE)

Buffer Over-read

CWE-126

Improper Input Validation

CWE-20

Out-of-bounds Write

CWE-787

Heap-based Buffer Overflow

CWE-122

EPSS

Base Score:

0.04