Fluid Attacks Database

Description

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version
alpine v3.16	zlib	>=0 <0
alpine v3.17	zlib	>=0 <0
alpine v3.18	zlib	>=0 <0
alpine v3.19	zlib	>=0 <0
alpine v3.20	zlib	>=0 <0
alpine v3.21	zlib	>=0 <0
alpine v3.22	zlib	>=0 <0
alpine v3.23	zlib	>=0 <0

Aliases

1. CVE-2023-69922. NVD-2023-69923. OSV-ALPINE-2023-69924. OSV-2023-69925. SECURITY-CVE-2023-6992

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.