CVE-2023-6992

ADVISORY - nist

Summary

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.

EPSS Score⁠: 0.00021 (0.046)

Common Weakness Enumeration (CWE)

ADVISORY - nist

NIST

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY IDCVE-2023-6992⁠

EXPLOITABILITY SCORE

1.4

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-122⁠CWE-126⁠CWE-20⁠CWE-787⁠

CVSS SCORE

4medium

Alpine

CREATED

2 years ago

UPDATED

4 days ago

ADVISORY IDCVE-2023-6992⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Photon

CREATED

3 months ago

UPDATED

3 months ago

ADVISORY ID

CVE-2023-6992

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

5.5medium

CVE-2023-6992

Summary

Common Weakness Enumeration (CWE)

CWE-122⁠

CWE-126⁠

CWE-20⁠

CWE-787⁠

Advisories

NIST

CVSS SCORE

Alpine

Photon

CVSS SCORE