You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
Vulnerable Library - mylfsjbigkit-2.1
My Linux From Scratch
Library home page: https://sourceforge.net/projects/mylfs/
Found in HEAD commit: c44e79751a9606bd11bd1704dee2684af7e4570b
Vulnerable Source Files (1)
/vendor/zlib-1.2.11.1/contrib/minizip/zip.c
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2023-45853
Vulnerable Library - mylfsjbigkit-2.1
My Linux From Scratch
Library home page: https://sourceforge.net/projects/mylfs/
Found in HEAD commit: c44e79751a9606bd11bd1704dee2684af7e4570b
Found in base branch: main
Vulnerable Source Files (1)
/vendor/zlib-1.2.11.1/contrib/minizip/zip.c
Vulnerability Details
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
Publish Date: 2023-10-14
URL: CVE-2023-45853
Threat Assessment
Exploit Maturity: Not Defined
EPSS: 0.1%
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://security-tracker.debian.org/tracker/CVE-2023-45853
Release Date: 2023-10-14
Fix Resolution: v1.3.1
The text was updated successfully, but these errors were encountered: