Debian Security Bug TrackerDEBIANCVE:CVE-2023-45853CVE-2023-45853
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.8%
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | minizip | < 1.1-8+deb12u1 | minizip_1.1-8+deb12u1_all.deb |
| Debian | 11 | all | minizip | < 1.1-8+deb11u1 | minizip_1.1-8+deb11u1_all.deb |
| Debian | 10 | all | minizip | < 1.1-8+deb10u1 | minizip_1.1-8+deb10u1_all.deb |
| Debian | 12 | all | zlib | <= 1:1.2.13.dfsg-1 | zlib_1:1.2.13.dfsg-1_all.deb |
| Debian | 11 | all | zlib | <= 1:1.2.11.dfsg-2+deb11u2 | zlib_1:1.2.11.dfsg-2+deb11u2_all.deb |
| Debian | 10 | all | zlib | <= 1:1.2.11.dfsg-1+deb10u1 | zlib_1:1.2.11.dfsg-1+deb10u1_all.deb |
| Debian | 999 | all | zlib | < 1:1.3.dfsg-2 | zlib_1:1.3.dfsg-2_all.deb |
| Debian | 13 | all | zlib | < 1:1.3.dfsg-2 | zlib_1:1.3.dfsg-2_all.deb |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
46.8%