CVE-2023-6992

Published: April 1, 2024
Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.
MEDIUM
CVSS v3: 4

Status

DocFilters Release Package State Justification Comment
25.1 zlib (1.3) False Positive Code Not Present Unknown vendors ‘cloudflare’
24.4 zlib (1.3) False Positive Code Not Present Unknown vendors ‘cloudflare’
24.4.0 zlib (1.3) False Positive Code Not Present Unknown vendors ‘cloudflare’
24.3 zlib (1.3) False Positive Code Not Present Unknown vendors ‘cloudflare’
24.2.1 zlib (1.3) False Positive Code Not Present Unknown vendors ‘cloudflare’
24.2 zlib (1.3) False Positive Code Not Present Unknown vendors ‘cloudflare’
24.1 zlib (1.3) False Positive Code Not Present Unknown vendors ‘cloudflare’
23.3 zlib (1.3) False Positive Code Not Present Unknown vendors ‘cloudflare’
23.2.1 zlib (1.2.12) False Positive Code Not Present Unknown vendors ‘cloudflare’
23.2 zlib (1.2.12) False Positive Code Not Present Unknown vendors ‘cloudflare’
23.1 zlib (1.2.12) False Positive Code Not Present Unknown vendors ‘cloudflare’
22.4 zlib (1.2.12) False Positive Code Not Present Unknown vendors ‘cloudflare’
22.3 zlib (1.2.12) False Positive Code Not Present Unknown vendors ‘cloudflare’
22.2 zlib (1.2.12) False Positive Code Not Present Unknown vendors ‘cloudflare’
22.1 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
21.11.1 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
21.11 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
21.8.1 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
21.8 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
21.5.1 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
21.5.0 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
21.2.0 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
11.4.20 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
11.4.19.3667 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
11.4.18.3599 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
11.4.17 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
11.4.16.3445 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
11.4.15.3368 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
11.4.14.3263 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
11.4.13.3179 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
11.4.12.3054 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
11.4.11.3040 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
11.4.11.2990 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
11.4.10.2934 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
11.4.9.2878 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’
11.4.8.2822 zlib (1.2.11) False Positive Code Not Present Unknown vendors ‘cloudflare’

Severity score breakdown

Attack Complexity
HIGH
Attack Vector
LOCAL
Availability Impact
LOW
Base Score
4
Base Severity
MEDIUM
Confidentiality Impact
NONE
Integrity Impact
LOW
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Version
3.1

References