Lucene search

CloudflareVULNRICHMENT:CVE-2023-6992

HistoryJan 04, 2024 - 11:11 a.m.

CVE-2023-6992 Memory corruption issues is Cloudflare zlib implementation

2024-01-0411:11:07

CWE-122

CWE-20

CWE-126

cloudflare

github.com

cloudflare

zlib

memory corruption

deflate algorithm

denial of service

patch

commit

github

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

7.2

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow.
A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software.
Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.

References

github.com/cloudflare/zlib

github.com/cloudflare/zlib/security/advisories/GHSA-vww9-j87r-4cqh

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

7.2

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-6992