Lucene search

K

Gentoo FoundationGLSA-202401-18

HistoryJan 15, 2024 - 12:00 a.m.

zlib: Buffer Overflow

2024-01-1500:00:00

Gentoo Foundation

security.gentoo.org

8

zlib

buffer overflow

minizip

integer overflow

heap-based buffer overflow

cve identifier

data compression library

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.8%

Background

zlib is a widely used free and patent unencumbered data compression library.

Description

A vulnerability has been discovered in zlib. Please review the CVE identifier referenced below for details.

Impact

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in ZipOpenNewFileInZip4_64 via a long filename, comment, or extra field.

Workaround

There is no known workaround at this time.

Resolution

All zlib users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=sys-libs/zlib-1.2.13-r2"

OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-libs/zlib< 1.2.13-r2UNKNOWN

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.8%

Related for GLSA-202401-18

redhatcve1 cve1 cloudlinux1 nessus44 ibm4 openvas38 ubuntucve1 cbl_mariner11 osv3 alpinelinux1 cgr1 cvelist1 github1 veracode1 debian1 amazon1 prion1 mageia1 redos1 nvd1 debiancve1 wolfi1 photon3 redhat1 ics1