vulnerability

Alpine Linux: CVE-2023-6992: Improper Input Validation

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:L/AC:M/Au:N/C:N/I:P/A:P)	Jan 4, 2024	Mar 21, 2024	Jan 5, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:N/I:P/A:P)

Published

Jan 4, 2024

Added

Mar 21, 2024

Modified

Jan 5, 2026

Description

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow.
A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software.
Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.

Solution

alpine-linux-upgrade-zlib

References

CVE-2023-6992
https://attackerkb.com/topics/CVE-2023-6992
URL-https://security.alpinelinux.org/vuln/CVE-2023-6992
CWE-20
CWE-122
CWE-126
CWE-787

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today