CVE-2026-24793
Published: 01/27/2026 09:15:48
Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with program files inflate.C.
This issue affects azerothcore-wotlk: through v4.0.0.
Unknown
CVSS v2:
CVSS v2:
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 0.0.0.1 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 25.4 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 25.3 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 25.2 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 25.1.1 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 25.1 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 24.4 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 24.4.0 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 24.3 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 24.2.1 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 24.2 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 24.1 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 23.3 | zlib (1.3) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 23.2.1 | zlib (1.2.12) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 23.2 | zlib (1.2.12) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 23.1 | zlib (1.2.12) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 22.4 | zlib (1.2.12) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 22.3 | zlib (1.2.12) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 22.2 | zlib (1.2.12) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 22.1 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 21.11.1 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 21.11 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 21.8.1 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 21.8 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 21.5.1 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 21.5.0 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 21.2.0 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 11.4.20 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 11.4.19.3667 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 11.4.18.3599 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 11.4.17 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 11.4.16.3445 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 11.4.15.3368 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 11.4.14.3263 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 11.4.13.3179 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 11.4.12.3054 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 11.4.11.3040 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 11.4.11.2990 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 11.4.10.2934 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 11.4.9.2878 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |
| 11.4.8.2822 | zlib (1.2.11) | Not Affected | Code Not Present | CVE-2026-24793 is a duplicate/variant of CVE-2022-37434, which was a heap buffer overflow in inflate.c when processing gzip headers with large extra fields. This was fixed in upstream zlib via commit eff308af425b67093bab25f80f1ae950166bece1. Document Filters uses zlib 1.3 (released August 2023), which includes this fix. The vulnerable code pattern no longer exists in our inflate.c. |