You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
Vulnerable Library - mylfsjbigkit-2.1
My Linux From Scratch
Library home page: https://sourceforge.net/projects/mylfs/
Vulnerable Source Files (1)
/vendor/zlib-1.2.11.1/contrib/minizip/zip.c
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2023-45853
Vulnerable Library - mylfsjbigkit-2.1
My Linux From Scratch
Library home page: https://sourceforge.net/projects/mylfs/
Found in base branch: main
Vulnerable Source Files (1)
/vendor/zlib-1.2.11.1/contrib/minizip/zip.c
Vulnerability Details
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
Publish Date: 2023-10-14
URL: CVE-2023-45853
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://security-tracker.debian.org/tracker/CVE-2023-45853
Release Date: 2023-10-14
Fix Resolution: v1.3.1
The text was updated successfully, but these errors were encountered: