PRIOn knowledge basePRION:CVE-2023-48107

HistoryNov 22, 2023 - 11:15 p.m.

Buffer overflow

2023-11-2223:15:00

PRIOn knowledge base

www.prio-n.com

buffer overflow

zlib-ng

minizip-ng

arbitrary code

crafted file

mz_path_has_slash

mz_os.c

vulnerability

7.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.0%

JSON

Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file.

CPENameOperatorVersion
minizip-ngeq4.0.2

CPE	Name	Operator	Version
	minizip-ng	eq	4.0.2

References

github.com/zlib-ng/minizip-ng/issues/739

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P3BFGECWPSK5RYDI5GCSW6N2VIXBTUO/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X4BNF4ZDYQZP4JWEY6DBSYKALXQC5QM4/