CVE-2023-45853
14.10.2023, 02:15
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| zlib | zlib | 𝑥 < 1.3.1 |
| smihica | pyminizip | 𝑥 ≤ 0.2.6 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| zlib | zlib | 𝑥 < 1.3 | ADP |
| Siemens | CADRA | 𝑥 < V2511 | ADP |
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | V3.1.0 ≤ 𝑥 < V3.1.5 | ADP |
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | V3.1.0 ≤ 𝑥 < V3.1.5 | ADP |
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | V3.1.0 ≤ 𝑥 < V3.1.5 | ADP |
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | V3.1.0 ≤ 𝑥 < V3.1.5 | ADP |
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP | V3.1.0 ≤ 𝑥 < V3.1.5 | ADP |
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| klibc |
| ||||||||||||||||||
| rsync |
| ||||||||||||||||||
| zlib |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libminizip1 |
| ||||||||||||||||||||||||||||||
| libz1 |
| ||||||||||||||||||||||||||||||
| libz1-32bit |
| ||||||||||||||||||||||||||||||
| minizip-devel |
| ||||||||||||||||||||||||||||||
| zlib-devel |
| ||||||||||||||||||||||||||||||
| zlib-devel-32bit |
| ||||||||||||||||||||||||||||||
| zlib-devel-static |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| minizip |
| ||||
| minizip-compat |
| ||||
| minizip-compat-debuginfo |
| ||||
| minizip-compat-devel |
| ||||
| minizip-devel |
| ||||
| zlib |
| ||||
| zlib-debuginfo |
| ||||
| zlib-debugsource |
| ||||
| zlib-devel |
| ||||
| zlib-static |
|
Azure Linux Releases
Azure Package | |||||
|---|---|---|---|---|---|
| blosc |
| ||||
| boost |
| ||||
| cloud-hypervisor |
| ||||
| cloud-hypervisor-cvm |
| ||||
| keras |
| ||||
| rubygem-mini_portile2 |
| ||||
| rust |
| ||||
| tcl |
| ||||
| zlib |
|
References