Lucene search
GoogleOSV:CVE-2023-48106HistoryNov 22, 2023 - 6:15 p.m.
CVE-2023-48106
2023-11-2218:15:09
Google
osv.dev
7
buffer overflow
zlib-ng
minizip-ng
arbitrary code execution
crafted file
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.7
Confidence
High
EPSS
0.001
Percentile
46.2%
Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file.
References
Related
cvelist
cvelist
CVE-2023-48106
2023-11-22 00:00:00
veracode
veracode
Heap Buffer Overflow
2023-11-23 06:49:59
prion
prion
Buffer overflow
2023-11-22 18:15:00
nvd
nvd
CVE-2023-48106
2023-11-22 18:15:09
cve
cve
CVE-2023-48106
2023-11-22 18:15:09
redos
redos
ROS-20240328-13
2024-03-28 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
7.7
Confidence
High
EPSS
0.001
Percentile
46.2%
Related for OSV:CVE-2023-48106