ELS for OS
- CVEs
- Releases
- Projects
- Documentation
Live Patches
ELS for PHP
- CVEs
- Releases
- Projects
- Documentation
ELS for Python
- CVEs
- Releases
- Projects
- Documentation
ELS for Dotnet
- CVEs
- Releases
- Projects
- Documentation
ELS for Node.js
- CVEs
- Releases
- Projects
- Documentation

CVE-2023-45853

Updated: 2025-08-20 02:32:39.385883

Description:

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

Links	NIST	CIRCL	RHEL	Ubuntu

Severity

	Severity	Score
CVSS Version 2.x		0.0
CVSS Version 3.x	CRITICAL	9.8

Status

OS name	Project name	Version	Score	Severity	Status	Errata	Last updated
AlmaLinux 9.2 ESU	zlib	1.2.11	9.8	CRITICAL	Released	CLSA-2023:1700589307	2023-11-23 10:10:11
CentOS 6 ELS	zlib	1.2.3	9.8	CRITICAL	Released	CLSA-2023:1698180806	2023-11-06 04:08:59
CentOS 7 ELS	zlib	1.2.7	9.8	CRITICAL	Released	CLSA-2023:1698180296	2023-10-24 17:09:57
CentOS 8.4 ELS	zlib	1.2.11-17	9.8	CRITICAL	Released	CLSA-2023:1698180079	2023-10-24 17:09:54
CentOS 8.5 ELS	zlib	1.2.11-17	9.8	CRITICAL	Released	CLSA-2023:1698179874	2023-10-24 17:09:56
CloudLinux 6 ELS	zlib	1.2.3	9.8	CRITICAL	Released	CLSA-2023:1698181055	2023-11-06 04:08:59
Oracle Linux 6 ELS	zlib	1.2.3	9.8	CRITICAL	Released	CLSA-2023:1698179730	2023-10-24 17:09:56
Ubuntu 16.04 ELS	zlib	1.2.8	9.8	CRITICAL	Released	CLSA-2023:1698179598	2023-10-24 17:09:59
Ubuntu 18.04 ELS	zlib	1.2.11	9.8	CRITICAL	Released	CLSA-2023:1698179235	2023-10-24 17:09:58