CVE-2023-45853 - MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipO

CVE-2023-45853

Summary

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

References

Vulnerable Configurations

cpe:2.3:a:zlib:zlib:-:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:-:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.5:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.5:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.6:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.6:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.7:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.7:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.8:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.8:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.9:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.9:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.61:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.61:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.71:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.71:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.91:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.91:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.92:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.92:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.93:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.93:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.94:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.94:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.95:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.95:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.99:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:0.99:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0:prerelease:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0:prerelease:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.5:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.6:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.7:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.4.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.4.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.4.4:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.3:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.3:*:*:*:*:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-190

CAPEC

Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

24-01-2024 - 21:15

Published

14-10-2023 - 02:15

Last modified

24-01-2024 - 21:15