CVE-2023-45853

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
Affected Products (NVD)
VendorProductVersion
zlibzlib
𝑥
< 1.3.1
smihicapyminizip
𝑥
≤ 0.2.6
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
zlibzlib
𝑥
< 1.3
ADP
SiemensCADRA
𝑥
< V2511
ADP
SiemensSIMATIC S7-1500 CPU 1518-4 PN/DP MFP
V3.1.0 ≤
𝑥
< V3.1.5
ADP
SiemensSIMATIC S7-1500 CPU 1518-4 PN/DP MFP
V3.1.0 ≤
𝑥
< V3.1.5
ADP
SiemensSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
V3.1.0 ≤
𝑥
< V3.1.5
ADP
SiemensSIMATIC S7-1500 CPU 1518F-4 PN/DP MFP
V3.1.0 ≤
𝑥
< V3.1.5
ADP
SiemensSIPLUS S7-1500 CPU 1518-4 PN/DP MFP
V3.1.0 ≤
𝑥
< V3.1.5
ADP
Debian logo
Debian Releases
Debian Product
Codename
minizip
bookworm
1.1-8+deb12u1
ignored
bullseye
1.1-8+deb11u1
ignored
buster
ignored
zlib
bookworm
ignored
bullseye
ignored
bullseye (security)
vulnerable
buster
ignored
sid
1:1.3.dfsg+really1.3.1-1
fixed
trixie
1:1.3.dfsg+really1.3.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
klibc
bionic
not-affected
focal
not-affected
jammy
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
not-affected
xenial
not-affected
rsync
bionic
not-affected
focal
not-affected
jammy
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
not-affected
xenial
not-affected
zlib
bionic
not-affected
focal
not-affected
jammy
not-affected
lunar
not-affected
mantic
not-affected
noble
not-affected
oracular
not-affected
trusty
Fixed 1:1.2.8.dfsg-1ubuntu1.1+esm3
released
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libminizip1
suse enterprise desktop 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise desktop 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise desktop 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise desktop 15 SP7
1.2.13-150500.4.3.1
fixed
suse enterprise sap 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise sap 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise sap 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise sap 15 SP7
1.2.13-150500.4.3.1
fixed
suse enterprise server 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise server 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise server 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise server 15 SP7
1.2.13-150500.4.3.1
fixed
libz1
suse enterprise desktop 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise desktop 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise desktop 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise desktop 15 SP7
1.2.13-150500.4.3.1
fixed
suse enterprise sap 12 SP5
1.2.11-11.37.1
fixed
suse enterprise sap 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise sap 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise sap 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise sap 15 SP7
1.2.13-150500.4.3.1
fixed
suse enterprise server 12 SP3
1.2.8-12.12.1
fixed
suse enterprise server 12 SP5
1.2.11-11.37.1
fixed
suse enterprise server 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise server 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise server 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise server 15 SP7
1.2.13-150500.4.3.1
fixed
libz1-32bit
suse enterprise desktop 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise desktop 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise desktop 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise desktop 15 SP7
1.2.13-150500.4.3.1
fixed
suse enterprise sap 12 SP5
1.2.11-11.37.1
fixed
suse enterprise sap 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise sap 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise sap 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise sap 15 SP7
1.2.13-150500.4.3.1
fixed
suse enterprise server 12 SP3
1.2.8-12.12.1
fixed
suse enterprise server 12 SP5
1.2.11-11.37.1
fixed
suse enterprise server 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise server 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise server 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise server 15 SP7
1.2.13-150500.4.3.1
fixed
minizip-devel
suse enterprise desktop 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise desktop 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise desktop 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise desktop 15 SP7
1.2.13-150500.4.3.1
fixed
suse enterprise sap 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise sap 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise sap 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise sap 15 SP7
1.2.13-150500.4.3.1
fixed
suse enterprise server 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise server 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise server 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise server 15 SP7
1.2.13-150500.4.3.1
fixed
zlib-devel
suse enterprise desktop 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise desktop 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise desktop 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise desktop 15 SP7
1.2.13-150500.4.3.1
fixed
suse enterprise sap 12 SP5
1.2.11-11.37.1
fixed
suse enterprise sap 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise sap 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise sap 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise sap 15 SP7
1.2.13-150500.4.3.1
fixed
suse enterprise server 12 SP3
1.2.8-12.12.1
fixed
suse enterprise server 12 SP5
1.2.11-11.37.1
fixed
suse enterprise server 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise server 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise server 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise server 15 SP7
1.2.13-150500.4.3.1
fixed
zlib-devel-32bit
suse enterprise sap 12 SP5
1.2.11-11.37.1
fixed
suse enterprise server 12 SP5
1.2.11-11.37.1
fixed
suse enterprise server 15 SP4
1.2.11-150000.3.48.1
fixed
zlib-devel-static
suse enterprise desktop 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise desktop 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise desktop 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise desktop 15 SP7
1.2.13-150500.4.3.1
fixed
suse enterprise sap 12 SP5
1.2.11-11.37.1
fixed
suse enterprise sap 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise sap 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise sap 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise sap 15 SP7
1.2.13-150500.4.3.1
fixed
suse enterprise server 12 SP5
1.2.11-11.37.1
fixed
suse enterprise server 15 SP4
1.2.11-150000.3.48.1
fixed
suse enterprise server 15 SP5
1.2.13-150500.4.3.1
fixed
suse enterprise server 15 SP6
1.2.13-150500.4.3.1
fixed
suse enterprise server 15 SP7
1.2.13-150500.4.3.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
minizip
Amazon Linux 2
0:1.2.7-19.amzn2.0.3
fixed
minizip-compat
Amazon Linux 2023
0:1.2.11-33.amzn2023.0.5
fixed
minizip-compat-debuginfo
Amazon Linux 2023
0:1.2.11-33.amzn2023.0.5
fixed
minizip-compat-devel
Amazon Linux 2023
0:1.2.11-33.amzn2023.0.5
fixed
minizip-devel
Amazon Linux 2
0:1.2.7-19.amzn2.0.3
fixed
zlib
Amazon Linux 2
0:1.2.7-19.amzn2.0.3
fixed
Amazon Linux 2023
0:1.2.11-33.amzn2023.0.5
fixed
zlib-debuginfo
Amazon Linux 2
0:1.2.7-19.amzn2.0.3
fixed
Amazon Linux 2023
0:1.2.11-33.amzn2023.0.5
fixed
zlib-debugsource
Amazon Linux 2023
0:1.2.11-33.amzn2023.0.5
fixed
zlib-devel
Amazon Linux 2
0:1.2.7-19.amzn2.0.3
fixed
Amazon Linux 2023
0:1.2.11-33.amzn2023.0.5
fixed
zlib-static
Amazon Linux 2
0:1.2.7-19.amzn2.0.3
fixed
Amazon Linux 2023
0:1.2.11-33.amzn2023.0.5
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
blosc
Azure Linux 3.0
0:1.21.6-1.azl3
fixed
boost
CBL-Mariner 2.0
0:1.76.0-4.cm2
fixed
cloud-hypervisor
Azure Linux 3.0
0:32.0-2.azl3
fixed
CBL-Mariner 2.0
0:32.0-2.cm2
fixed
cloud-hypervisor-cvm
Azure Linux 3.0
0:38.0.72.2-1.azl3
fixed
CBL-Mariner 2.0
0:38.0.72.2-1.cm2
fixed
keras
Azure Linux 3.0
0:3.1.1-1.azl3
fixed
rubygem-mini_portile2
Azure Linux 3.0
0:2.8.0-1.azl3
fixed
CBL-Mariner 2.0
0:2.8.0-1.cm2
fixed
rust
Azure Linux 3.0
0:0.0.0.azl3
fixed
CBL-Mariner 2.0
0:1.72.0-5.cm2
fixed
tcl
Azure Linux 3.0
0:8.6.13-3.azl3
fixed
CBL-Mariner 2.0
0:8.6.13-3.cm2
fixed
zlib
Azure Linux 3.0
0:1.3.1-1.azl3
fixed
CBL-Mariner 2.0
0:1.2.13-2.cm2
fixed
References