CVSS3
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS
Percentile: 5.1%
The Cloudflare version of the zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and a heap-based buffer overflow.
A local attacker could exploit the problem during compression using a crafted malicious file, potentially leading to denial of service of the software.
Patches: The issue has been patched in commit 8352d10 (https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c). The upstream repository is not affected.
[
  {
    "defaultStatus": "unaffected",
    "packageName": "zlib",
    "platforms": [
      "C"
    ],
    "product": "zlib",
    "repo": "https://github.com/cloudflare/zlib",
    "vendor": "Cloudflare",
    "versions": [
      {
        "lessThan": "8352d10",
        "status": "affected",
        "version": "0",
        "versionType": "git"
      }
    ]
  }
]