Nixpkgs Security Tracker

Suggestions search

With package: lua52Packages.lua-zlib

Found 1 matching suggestion

CVE-2023-6992
4.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months ago
Memory corruption issues in Cloudflare zlib implementation

The Cloudflare version of the zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and a heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file, potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 (https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c). The upstream repository is not affected.

Affected products

zlib
  • <8352d10

Matching in nixpkgs

pkgs.zlib

Lossless data-compression library

  • nixos-unstable -

pkgs.lzlib

Data compression library providing in-memory LZMA compression and decompression functions, including integrity checking of the decompressed data

  • nixos-unstable -

pkgs.zlib-ng

Zlib data compression library for the next generation systems

  • nixos-unstable -

pkgs.guile-zlib

GNU Guile library providing bindings to zlib

  • nixos-unstable -

pkgs.guile-lzlib

GNU Guile library providing bindings to lzlib

  • nixos-unstable -

pkgs.gnatcoll-zlib

GNAT Components Collection - Bindings to C libraries

  • nixos-unstable -