MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
References
Configurations
History
24 Jan 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Dec 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. |
30 Nov 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Nov 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Oct 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 Oct 2023, 12:44
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.winimage.com/zLibDll/minizip.html - Product | |
References | (MISC) https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4 - Product | |
References | (MISC) https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61 - Mailing List, Patch | |
References | (MISC) https://github.com/madler/zlib/pull/843 - Issue Tracking, Patch | |
References | (MISC) https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356 - Mailing List, Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Zlib zlib
Zlib |
|
CPE | cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:* | |
CWE | CWE-190 |
14 Oct 2023, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-14 02:15
Updated : 2024-08-01 13:44
NVD link : CVE-2023-45853
Mitre link : CVE-2023-45853
CVE.ORG link : CVE-2023-45853
JSON object : View
Products Affected
zlib
- zlib
CWE
CWE-190
Integer Overflow or Wraparound