Critical severityNVD Advisory· Published Oct 14, 2023· Updated Aug 2, 2024
CVE-2023-45853
CVE-2023-45853
Description
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pyminizipPyPI | <= 0.2.6 | — |
Affected products
37- zlib/MiniZipdescription
- osv-coords36 versionspkg:apk/chainguard/minizippkg:apk/chainguard/zlibpkg:apk/chainguard/zlib-devpkg:apk/chainguard/zlib-docpkg:apk/chainguard/zlib-staticpkg:apk/wolfi/minizippkg:apk/wolfi/zlibpkg:apk/wolfi/zlib-devpkg:apk/wolfi/zlib-docpkg:apk/wolfi/zlib-staticpkg:pypi/pyminizippkg:rpm/opensuse/grype&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/zlib&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/zlib&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/zlib&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/zlib&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/zlib&distro=openSUSE%20Leap%20Micro%205.4pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/zlib&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/zlib&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/zlib&distro=SUSE%20Manager%20Server%204.2
< 1.3-r1+ 35 more
- (no CPE)range: < 1.3-r1
- (no CPE)range: < 1.3-r1
- (no CPE)range: < 1.3-r1
- (no CPE)range: < 1.3-r1
- (no CPE)range: < 1.3-r1
- (no CPE)range: < 1.3-r1
- (no CPE)range: < 1.3-r1
- (no CPE)range: < 1.3-r1
- (no CPE)range: < 1.3-r1
- (no CPE)range: < 1.3-r1
- (no CPE)range: <= 0.2.6
- (no CPE)range: < 0.88.0-1.1
- (no CPE)range: < 1.2.11-150000.3.48.1
- (no CPE)range: < 1.2.13-150500.4.3.1
- (no CPE)range: < 1.2.13-160000.3.1
- (no CPE)range: < 1.2.11-150000.3.48.1
- (no CPE)range: < 1.2.11-150000.3.48.1
- (no CPE)range: < 1.2.11-150000.3.48.1
- (no CPE)range: < 1.2.11-150000.3.48.1
- (no CPE)range: < 1.2.11-150000.3.48.1
- (no CPE)range: < 1.2.11-150000.3.48.1
- (no CPE)range: < 1.2.13-150500.4.3.1
- (no CPE)range: < 1.2.11-150000.3.48.1
- (no CPE)range: < 1.2.13-150500.4.3.1
- (no CPE)range: < 1.2.11-150000.3.48.1
- (no CPE)range: < 1.2.13-150500.4.3.1
- (no CPE)range: < 1.2.11-11.37.1
- (no CPE)range: < 1.2.13-160000.3.1
- (no CPE)range: < 1.2.11-11.37.1
- (no CPE)range: < 1.2.13-160000.3.1
- (no CPE)range: < 1.2.11-11.37.1
- (no CPE)range: < 1.2.13-7.1
- (no CPE)range: < 1.2.13-slfo.1.1_2.1
- (no CPE)range: < 1.2.13-160000.3.1
- (no CPE)range: < 1.2.11-150000.3.48.1
- (no CPE)range: < 1.2.11-150000.3.48.1
Patches
Vulnerability mechanics
References
16- github.com/advisories/GHSA-mq29-j5xf-cjwrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-45853ghsaADVISORY
- security.gentoo.org/glsa/202401-18ghsavendor-advisoryWEB
- www.openwall.com/lists/oss-security/2023/10/20/9ghsamailing-listWEB
- www.openwall.com/lists/oss-security/2024/01/24/10ghsamailing-listWEB
- chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356ghsaWEB
- chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61ghsaWEB
- github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contribghsaWEB
- github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10cghsaWEB
- github.com/madler/zlib/pull/843ghsaWEB
- github.com/smihica/pyminizip/blob/master/zlib-1.2.11/contrib/minizip/zip.cghsaWEB
- lists.debian.org/debian-lts-announce/2023/11/msg00026.htmlghsamailing-listWEB
- pypi.org/project/pyminizip/ghsaWEB
- security.netapp.com/advisory/ntap-20231130-0009ghsaWEB
- www.winimage.com/zLibDll/minizip.htmlghsaWEB
- security.netapp.com/advisory/ntap-20231130-0009/mitre
News mentions
0No linked articles in our index yet.