PT-2024-15165 · Cloudflare · Zlib

Martin Schwarzl +1 · Published 2024-01-04 · Updated 2024-01-10 · CVE-2023-6992

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cloudflare version of zlib library (affected versions not specified)

Description

The Cloudflare version of the zlib library was found to have memory corruption issues due to improper input validation and heap-based buffer overflow in the deflation algorithm implementation. A local attacker could exploit this issue during compression using a crafted malicious file, potentially leading to denial of service.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Over-read

Memory Corruption

RCE

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

AZL-43663
AZL-43807
AZL-43870
AZL-43957
AZL-43969
AZL-44517
AZL-44754
AZL-44811
AZL-45174
AZL-45198
CVE-2023-6992
GHSA-VWW9-J87R-4CQH

Affected Products

Zlib