Updated: 2024-08-01 21:07:57.214315
Description:
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
Links: NIST | CIRCL | RHEL | Ubuntu

CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | | 0 |
CVSS Version 3.x | CRITICAL | 9.8 |

OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | zlib | 1.2.11 | 9.8 | CRITICAL | Released | CLSA-2023:1700589307 | 2023-11-23 10:10:11 |
CentOS 6 ELS | zlib | 1.2.3 | 9.8 | CRITICAL | Released | CLSA-2023:1698180806 | 2023-11-06 04:08:59 |
CentOS 7 ELS | zlib | 1.2.7 | 9.8 | CRITICAL | Released | CLSA-2023:1698180296 | 2023-10-24 17:09:57 |
CentOS 8.4 ELS | zlib | 1.2.11-17 | 9.8 | CRITICAL | Released | CLSA-2023:1698180079 | 2023-10-24 17:09:54 |
CentOS 8.5 ELS | zlib | 1.2.11-17 | 9.8 | CRITICAL | Released | CLSA-2023:1698179874 | 2023-10-24 17:09:56 |
CloudLinux 6 ELS | zlib | 1.2.3 | 9.8 | CRITICAL | Released | CLSA-2023:1698181055 | 2023-11-06 04:08:59 |
Oracle Linux 6 ELS | zlib | 1.2.3 | 9.8 | CRITICAL | Released | CLSA-2023:1698179730 | 2023-10-24 17:09:56 |
Ubuntu 16.04 ELS | zlib | 1.2.8 | 9.8 | CRITICAL | Released | CLSA-2023:1698179598 | 2023-10-24 17:09:59 |
Ubuntu 18.04 ELS | zlib | 1.2.11 | 9.8 | CRITICAL | Released | CLSA-2023:1698179235 | 2023-10-24 17:09:58 |