157 matches found
Amazon Linux 2 : zlib (ALAS-2023-2320)
The version of zlib installed on the remote host is prior to 1.2.7-19. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2320 advisory. MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long...
Medium: zlib
Issue Overview: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. CVE-2023-45853 Affected Packages: zlib Note: This advisor...
SUSE SLES12: libz1 / libz1-32bit / zlib-devel / zlib-devel-32bit / etc (SUSE-SU-2023:4216-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4216-1 advisory. - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent bsc1216378. Tenable has extract...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : zlib (SUSE-SU-2023:4217-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4217-1 advisory. - MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in...
The vulnerability of the zipOpenNewFileInZip4_64() function in the MiniZip package from the zlib library allows a attacker to compromise the integrity, accessibility, and confidentiality of the protected information.
The vulnerability of the zipOpenNewFileInZip464 function in the MiniZip package from the zlib library is related to integer overflow when processing file name lengths. Exploiting this vulnerability could allow an attacker to compromise the integrity, accessibility, and confidentiality of the...
zlib: Fix of CVE-2023-45853
CVE-2023-45853: Reject overflows of zip header fields in minizip...
CLSA-2023-1698180806 zlib: Fix of CVE-2023-45853
CVE-2023-45853: Reject overflows of zip header fields in minizip...
CLSA-2023-1698180296 zlib: Fix of CVE-2023-45853
CVE-2023-45853: Reject overflows of zip header fields in minizip...
CLSA-2023-1698180079 zlib: Fix of CVE-2023-45853
CVE-2023-45853: Reject overflows of zip header fields in minizip...
CLSA-2023-1698179874 zlib: Fix of CVE-2023-45853
CVE-2023-45853: Reject overflows of zip header fields in minizip...
CLSA-2023-1698179730 zlib: Fix of CVE-2023-45853
CVE-2023-45853: Reject overflows of zip header fields in minizip...
CLSA-2023-1698179598 Fix CVE(s): CVE-2023-45853
SECURITY UPDATE: Reject overflows of zip header fields in minizip - debian/patches/CVE-2023-45853.patch: Check length of comment, filename and extra field in zipOpenNewFileInZip464 - CVE-2023-45853...
CLSA-2023-1698179235 Fix CVE(s): CVE-2023-45853
SECURITY UPDATE: Reject overflows of zip header fields in minizip - debian/patches/CVE-2023-45853.patch: Check length of comment, filename and extra field in zipOpenNewFileInZip464 - CVE-2023-45853...
OESA-2023-1751 zlib security update
Zlib is a free, general-purpose, not covered by any patents, lossless data-compression library for use on virtually any computer hardware and operating system. The zlib data format is itself portable across platforms. Security Fixes: MiniZip in zlib through 1.3 has an integer overflow and resulta...
ROS-20231020-01
A vulnerability in the MiniZip component of the zlib library is related to an integer overflow and resulting heap-based buffer overflow in zipOpenNewFileInZip464 via long filename, comment or additional field. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...
SUSE CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
CVE-2023-45853
A flaw was found in the MiniZip component of the zlib package. When opening a new file, MiniZip doesn't properly validate the filename, comments, or extra fields length against the data type used to store this information. This may allow an attacker to craft a malicious ZIP file that will lead to...
GHSA-MQ29-J5XF-CJWR pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. pyminizip uses version 1.2.11 of zlib's code...
AZL-35400 CVE-2023-45853 affecting package zlib for versions less than 1.3.1-1
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...
AZL-33350 CVE-2023-45853 affecting package rubygem-mini_portile2 for versions less than 2.8.0-1
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip464 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an...