Описание
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | code not present |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | not-affected | code not present |
| esm-infra/xenial | not-affected | code not present |
| focal | not-affected | code not present |
| jammy | not-affected | code not present |
| mantic | not-affected | code not present |
| noble | not-affected | code not present |
| oracular | not-affected | code not present |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | uses system zlib |
| esm-infra-legacy/trusty | not-affected | uses system zlib |
| esm-infra/bionic | not-affected | code not built |
| esm-infra/focal | not-affected | code not built |
| esm-infra/xenial | not-affected | code not built |
| focal | not-affected | code not built |
| jammy | not-affected | uses system zlib |
| lunar | not-affected | uses system zlib |
| mantic | not-affected | uses system zlib |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | code not built |
| esm-infra-legacy/trusty | not-affected | 1:1.2.8.dfsg-1ubuntu1.1+esm3 |
| esm-infra/bionic | not-affected | code not built |
| esm-infra/focal | not-affected | code not built |
| esm-infra/xenial | not-affected | code not built |
| focal | not-affected | code not built |
| jammy | not-affected | 1:1.2.11.dfsg-2ubuntu9.2 |
| lunar | not-affected | code not built |
| mantic | not-affected | code not built |
Показывать по
Ссылки на источники
EPSS
9.8 Critical
CVSS3
Связанные уязвимости
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
MiniZip in zlib through 1.3 has an integer overflow and resultant heap ...
EPSS
9.8 Critical
CVSS3