ByteOS Network

NVD Vulnerability Details :

CVE-2023-45853

Analyzed

Source-cve@mitre.org

Published At-14 Oct, 2023 | 02:15

Updated At-20 Dec, 2024 | 17:41

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CPE Matches

zlib>>zlib>>Versions before 1.3.1(exclusive)

cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*

smihica>>pyminizip>>Versions up to 0.2.6(inclusive)

cpe:2.3:a:smihica:pyminizip:*:*:*:*:*:python:*:*

Weaknesses

CWE ID	Type	Source
CWE-190	Primary	nvd@nist.gov
CWE-190	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-190

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-190

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
http://www.openwall.com/lists/oss-security/2023/10/20/9	cve@mitre.org	Mailing List
http://www.openwall.com/lists/oss-security/2024/01/24/10	cve@mitre.org	Mailing List
https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356	cve@mitre.org	Mailing List Patch
https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61	cve@mitre.org	Mailing List Patch
https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4	cve@mitre.org	Product
https://github.com/madler/zlib/pull/843	cve@mitre.org	Issue Tracking Patch
https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html	cve@mitre.org	Mailing List Third Party Advisory
https://pypi.org/project/pyminizip/#history	cve@mitre.org	Release Notes
https://security.gentoo.org/glsa/202401-18	cve@mitre.org	Third Party Advisory
https://security.netapp.com/advisory/ntap-20231130-0009/	cve@mitre.org	Third Party Advisory
https://www.winimage.com/zLibDll/minizip.html	cve@mitre.org	Product
http://www.openwall.com/lists/oss-security/2023/10/20/9	af854a3a-2127-422b-91ae-364da2661108	Mailing List
http://www.openwall.com/lists/oss-security/2024/01/24/10	af854a3a-2127-422b-91ae-364da2661108	Mailing List
https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch
https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61	af854a3a-2127-422b-91ae-364da2661108	Mailing List Patch
https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4	af854a3a-2127-422b-91ae-364da2661108	Product
https://github.com/madler/zlib/pull/843	af854a3a-2127-422b-91ae-364da2661108	Issue Tracking Patch
https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
https://pypi.org/project/pyminizip/#history	af854a3a-2127-422b-91ae-364da2661108	Release Notes
https://security.gentoo.org/glsa/202401-18	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://security.netapp.com/advisory/ntap-20231130-0009/	af854a3a-2127-422b-91ae-364da2661108	Third Party Advisory
https://www.winimage.com/zLibDll/minizip.html	af854a3a-2127-422b-91ae-364da2661108	Product