Описание
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
A flaw was found in the MiniZip component of the zlib package. When opening a new file, MiniZip doesn't properly validate the filename, comments, or extra fields length against the data type used to store this information. This may allow an attacker to craft a malicious ZIP file that will lead to an overflow on the length field. This value is further used in memory allocations and indexing, which can cause an out-of-bounds write, leading to heap corruption and possible arbitrary code execution.
Отчет
Red Hat Enterprise Linux default configuration doesn't expose zlib through any network services. Additionally, the user would need to be tricked into opening the crafted file from an attacker to be successful. The impact for Confidentiality, Integrity, and Availability is limited to the scope of the process and user privilege related to the victim, therefore, the impact is considered 'Low'.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Not affected | ||
| Red Hat build of OpenJDK 11 | zlib | Will not fix | ||
| Red Hat build of OpenJDK 17 | zlib | Affected | ||
| Red Hat build of OpenJDK 1.8 | zlib | Will not fix | ||
| Red Hat Enterprise Linux 6 | zlib | Out of support scope | ||
| Red Hat Enterprise Linux 7 | zlib | Out of support scope | ||
| Red Hat Enterprise Linux 8 | zlib | Not affected | ||
| Red Hat Enterprise Linux 9 | zlib | Not affected | ||
| Red Hat OpenShift GitOps | openshift-gitops-1/argocd-rhel8 | Not affected | ||
| Red Hat OpenShift GitOps | openshift-gitops-1/argo-rollouts-rhel8 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
MiniZip in zlib through 1.3 has an integer overflow and resultant heap ...
EPSS
5.3 Medium
CVSS3