CVE-2023-6992
MEDIUM
Cloudflare zlib < 2023-11-16 - Denial of Service via Deflation Algorithm Memory Corruption
Title source: llm
Description
The Cloudflare version of the zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and a heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file, potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 (https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c). The upstream repository is not affected.
References (2)
Core 2
Core References
Patch, Third Party Advisory vendor-advisory
https://github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqh
Scores
CVSS v3
4.0
EPSS
0.0024
EPSS Percentile
14.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-126
CWE-20
CWE-122
CWE-787
Status
published
Products (1)
cloudflare/zlib
< 2023-11-16
Published
Jan 04, 2024
Tracked Since
Feb 18, 2026