Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with program files inflate.C. This issue affects azerothcore-wotlk: through v4.0.0.
The error consists of copying data into a buffer without verification of input size (CWE-120) and writing beyond the boundaries of allocated memory (CWE-787). The vulnerable file is inflate.C, which is part of the zlib dependencies included in the azerothcore-wotlk project. An attacker can provide specially crafted data that causes a buffer overflow and overwrites adjacent memory areas.
Successful exploitation of the vulnerability can lead to remote code execution (RCE) on the game server or destabilization of its operation. Due to the absence of authentication and interaction requirements, the risk of complete system takeover is very high.
Apply patches available from the vendor according to the references — the fix is available as part of pull request #21599 in the azerothcore-wotlk GitHub repository (https://github.com/azerothcore/azerothcore-wotlk/pull/21599)
azerothcore-wotlk in all versions up to and including v4.0.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:RedAzerothcore
APPAzerothcore≤ 4.0.0