Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-45853

Опубликовано: 14 окт. 2023
Источник: debian

Описание

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
zlibfixed1:1.3.dfsg-2package
zlibignoredbookwormpackage
zlibignoredbullseyepackage
zlibignoredbusterpackage
minizipremovedpackage
minizipfixed1.1-8+deb12u1bookwormpackage
minizipfixed1.1-8+deb11u1bullseyepackage

Примечания

  • https://github.com/madler/zlib/pull/843

  • https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c

  • src:zlib only starts building minizip starting in 1:1.2.13.dfsg-2

  • For older suites due to this an update can be ignored as no binary package built

  • by the vulnerable source is affected (i.e. contrib/minizip not built and provided

  • in those versions).

Связанные уязвимости

ubuntu логотип

CVE-2023-45853

CVSS3: 9.8
ubuntu
больше 1 года назад

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

redhat логотип

CVE-2023-45853

CVSS3: 5.3
redhat
больше 1 года назад

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

nvd логотип

CVE-2023-45853

CVSS3: 9.8
nvd
больше 1 года назад

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

msrc логотип

CVE-2023-45853

CVSS3: 9.8
msrc
больше 1 года назад

Описание отсутствует

suse-cvrf логотип

SUSE-SU-2023:4217-1

suse-cvrf
больше 1 года назад

Security update for zlib