CVE-2023-6992 MEDIUM

CVE-2023-6992: Memory corruption issues is Cloudflare zlib implementation

Vendor Cloudflare
Product zlib
Weakness CWE-20 · Input validation
Published January 4, 2024
Last update September 6, 2024
View on NVD All CVEs

CVSS base score

4.0/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.

Key dates

02Disclosure timeline

January 4, 2024 CVE published
September 6, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2019-18995 ABB PB610 HMISimulator does not check content-length of the HTTP request CVE-2021-1317 Cisco Small Business RV Series Routers Management Interface Command Injection Vulnerabilities CVE-2022-36032 ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent CVE-2020-3542 Cisco Webex Training Unauthorized Meeting Join Vulnerability CVE-2023-33103 Improper Input Validation in Multi-Mode Call Processor