QwikSec

Security Database

CVE

CWE

Training

CVE-2023-45853

Published: Oct 14, 2023

Modified: Aug 2, 2024

PUBLISHED

Description

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/madler/zlib/pull/843

https://www.winimage.com/zLibDll/minizip.html

https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4

https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61

https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356

[oss-security] 20231020 CVE-2023-45853: overflows in MiniZip in zlib through 1.3

mailing-list

[debian-lts-announce] 20231127 [SECURITY] [DLA 3670-1] minizip security update

mailing-list

https://security.netapp.com/advisory/ntap-20231130-0009/

https://pypi.org/project/pyminizip/#history

vendor-advisory

[oss-security] 20240124 Re: CVE-2023-45853: overflows in MiniZip in zlib through 1.3

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.