MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
References
Configurations
History
24 Jan 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Jan 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Dec 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
Summary | MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. | |
References |
|
30 Nov 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Nov 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-14 02:15
Updated : 2024-08-01 13:44
NVD link : CVE-2023-45853
Mitre link : CVE-2023-45853
CVE.ORG link : CVE-2023-45853
JSON object : View
Products Affected
zlib
- zlib
CWE
CWE-190
Integer Overflow or Wraparound