Home > Vulnerability Database > CVE-2023-45853

Mend.io Vulnerability Database

CVE-2023-45853

Good to know:

Date: October 13, 2023

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

Language: C

Severity Score

9.8

Related Resources (19)

Url: https://security.netapp.com/advisory/ntap-20231130-0009/

Url: https://security.gentoo.org/glsa/202401-18

Url: https://security-tracker.debian.org/tracker/CVE-2023-45853

Url: http://www.openwall.com/lists/oss-security/2023/10/20/9

Url: http://www.openwall.com/lists/oss-security/2024/01/24/10

Url: https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4

Url: https://github.com/smihica/pyminizip

Url: https://pypi.org/project/pyminizip/#history

Url: https://github.com/madler/zlib/pull/843

Url: https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356

Url: https://security.netapp.com/advisory/ntap-20231130-0009

Url: https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c

Url: https://security.alpinelinux.org/vuln/CVE-2023-45853

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-45853

Url: https://github.com/smihica/pyminizip/blob/master/zlib-1.2.11/contrib/minizip/zip.c

Url: https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html

Url: https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61

Url: https://www.winimage.com/zLibDll/minizip.html

Url: https://www.mend.io/vulnerability-database/CVE-2023-45853

Severity Score

9.8

Weakness Type (CWE)

Integer Overflow or Wraparound

CWE-190

Top Fix

Upgrade Version

Upgrade to version zlib - 1.3.1

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-45853

Good to know:

Date: October 13, 2023

Language: C

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?