VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 19, 2023· Updated Sep 12, 2024

CVE-2023-46228

CVE-2023-46228

Description

zchunk before 1.3.2 contains multiple integer overflows in file parsing that can be triggered by malformed zchunk files, leading to potential memory corruption.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

zchunk before 1.3.2 contains multiple integer overflows in file parsing that can be triggered by malformed zchunk files, leading to potential memory corruption.

Vulnerability

zchunk versions prior to 1.3.2 contain multiple integer overflow vulnerabilities in the file parsing routines. The overflows occur in lib/comp/comp.c (comp_add_to_data), lib/comp/zstd/zstd.c (compress), lib/dl/multipart.c (multipart_extract), and lib/header.c (read_header_from_file). When processing a malformed zchunk file, the addition of sizes can overflow, leading to an undersized buffer allocation via zrealloc [1][2].

Exploitation

An attacker can exploit these vulnerabilities by supplying a specially crafted zchunk file to an application using the zchunk library. No authentication or special privileges are required; the file only needs to be parsed by the library. The attacker must craft the file such that the size fields cause an integer overflow during the addition operations in the affected functions [1].

Impact

Successful exploitation results in an integer overflow that causes zrealloc to allocate a buffer smaller than expected. This can lead to heap corruption when data is written into the undersized buffer, potentially allowing arbitrary code execution or denial of service. The exact impact depends on the context in which the library is used [1][2].

Mitigation

The vulnerabilities are fixed in zchunk version 1.3.2, released on 2023-10-05 [3]. Users should upgrade to this version or later. No workarounds are available; the only mitigation is to apply the patch or update the library [1][2].

References
  1. Handle overflow errors in malformed zchunk files · zchunk/zchunk@08aec2b
  2. 1216268 – (CVE-2023-46228) VUL-0: CVE-2023-46228: zchunk: overflow fixes in git
  3. Comparing 1.3.1...1.3.2 · zchunk/zchunk

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

23

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Multiple integer overflows occur when processing malformed zchunk files."

Attack vector

An attacker can trigger multiple integer overflows by providing malformed zchunk files. These overflows occur during data processing, compression, and header reading operations within the zchunk library. The vulnerability can be triggered by malformed input files that cause calculations involving sizes to exceed the maximum value for their data types [ref_id=1].

Affected code

The vulnerabilities are located in multiple files within the zchunk library, including `lib/comp/comp.c`, `lib/comp/zstd/zstd.c`, `lib/dl/multipart.c`, and `lib/header.c`. Specifically, the `comp_add_to_data` function, the `compress` function, the `multipart_extract` function, and the `read_header_from_file` function are affected by integer overflows [ref_id=1]. The `read_lead` function also contains a similar integer overflow vulnerability [ref_id=1].

What the fix does

The patch introduces checks to detect potential integer overflows before performing arithmetic operations that could lead to them. For example, in `comp_add_to_data`, it now checks if `comp->data_size + src_size` would overflow before reallocating memory [ref_id=1]. Similar checks are added in other functions like `compress`, `multipart_extract`, `read_header_from_file`, and `read_lead` to prevent overflows when calculating buffer sizes or lengths [ref_id=1].

Preconditions

  • inputThe zchunk library must process a malformed zchunk file.

Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

3

News mentions

0

No linked articles in our index yet.