CVE-2023-45853

Updated: 2024-08-01 21:07:57.214315

Description:

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| Severity | Score |
|---|---|
| CVSS Version 2.x | 0 |
| CVSS Version 3.x | CRITICAL 9.8 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | zlib | 1.2.11 | 9.8 | CRITICAL | Released | CLSA-2023:1700589307 | 2023-11-23 10:10:11 |
| CentOS 6 ELS | zlib | 1.2.3 | 9.8 | CRITICAL | Released | CLSA-2023:1698180806 | 2023-11-06 04:08:59 |
| CentOS 7 ELS | zlib | 1.2.7 | 9.8 | CRITICAL | Released | CLSA-2023:1698180296 | 2023-10-24 17:09:57 |
| CentOS 8.4 ELS | zlib | 1.2.11-17 | 9.8 | CRITICAL | Released | CLSA-2023:1698180079 | 2023-10-24 17:09:54 |
| CentOS 8.5 ELS | zlib | 1.2.11-17 | 9.8 | CRITICAL | Released | CLSA-2023:1698179874 | 2023-10-24 17:09:56 |
| CloudLinux 6 ELS | zlib | 1.2.3 | 9.8 | CRITICAL | Released | CLSA-2023:1698181055 | 2023-11-06 04:08:59 |
| Oracle Linux 6 ELS | zlib | 1.2.3 | 9.8 | CRITICAL | Released | CLSA-2023:1698179730 | 2023-10-24 17:09:56 |
| Ubuntu 16.04 ELS | zlib | 1.2.8 | 9.8 | CRITICAL | Released | CLSA-2023:1698179598 | 2023-10-24 17:09:59 |
| Ubuntu 18.04 ELS | zlib | 1.2.11 | 9.8 | CRITICAL | Released | CLSA-2023:1698179235 | 2023-10-24 17:09:58 |