CVE-2023-6992

low-risk
Published 2024-01-04

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.0/10 Medium
LOCAL / HIGH complexity

Affected Products (1)

Zlib

Affected Vendors

Cloudflare

References (4)

Product https://github.com/cloudflare/zlib
Patch https://github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqh
Product https://github.com/cloudflare/zlib
Patch https://github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqh
15
/ 100
low-risk
Severity 10/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal