msrc_cve-2023-45853
Vulnerability from csaf_microsoft
Published
2023-10-01 00:00
Modified
2025-02-11 00:00
Summary
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version and exposes the applicable MiniZip code through its compress API.

Notes

Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.



{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-45853 MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename comment or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version and exposes the applicable MiniZip code through its compress API. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-45853.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename comment or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version and exposes the applicable MiniZip code through its compress API.",
    "tracking": {
      "current_release_date": "2025-02-11T00:00:00.000Z",
      "generator": {
        "date": "2025-10-20T00:44:26.400Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-45853",
      "initial_release_date": "2023-10-01T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2023-10-16T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2023-10-17T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added tcl to CBL-Mariner 2.0"
        },
        {
          "date": "2024-06-30T07:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Information published."
        },
        {
          "date": "2024-07-13T00:00:00.000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Information published."
        },
        {
          "date": "2024-08-29T00:00:00.000Z",
          "legacy_version": "1.4",
          "number": "5",
          "summary": "Information published."
        },
        {
          "date": "2024-08-30T00:00:00.000Z",
          "legacy_version": "1.5",
          "number": "6",
          "summary": "Information published."
        },
        {
          "date": "2024-08-31T00:00:00.000Z",
          "legacy_version": "1.6",
          "number": "7",
          "summary": "Information published."
        },
        {
          "date": "2024-09-01T00:00:00.000Z",
          "legacy_version": "1.7",
          "number": "8",
          "summary": "Information published."
        },
        {
          "date": "2024-09-02T00:00:00.000Z",
          "legacy_version": "1.8",
          "number": "9",
          "summary": "Information published."
        },
        {
          "date": "2024-09-03T00:00:00.000Z",
          "legacy_version": "1.9",
          "number": "10",
          "summary": "Information published."
        },
        {
          "date": "2024-09-05T00:00:00.000Z",
          "legacy_version": "2",
          "number": "11",
          "summary": "Information published."
        },
        {
          "date": "2024-09-06T00:00:00.000Z",
          "legacy_version": "2.1",
          "number": "12",
          "summary": "Information published."
        },
        {
          "date": "2024-09-07T00:00:00.000Z",
          "legacy_version": "2.2",
          "number": "13",
          "summary": "Information published."
        },
        {
          "date": "2024-09-08T00:00:00.000Z",
          "legacy_version": "2.3",
          "number": "14",
          "summary": "Information published."
        },
        {
          "date": "2024-09-11T00:00:00.000Z",
          "legacy_version": "2.4",
          "number": "15",
          "summary": "Information published."
        },
        {
          "date": "2025-02-11T00:00:00.000Z",
          "legacy_version": "2.5",
          "number": "16",
          "summary": "Added blosc to Azure Linux 3.0\nAdded cloud-hypervisor-cvm to Azure Linux 3.0\nAdded nmap to Azure Linux 3.0\nAdded zlib to Azure Linux 3.0\nAdded tcl to Azure Linux 3.0\nAdded rust to Azure Linux 3.0\nAdded keras to Azure Linux 3.0\nAdded cloud-hypervisor-cvm to CBL-Mariner 2.0\nAdded cloud-hypervisor to CBL-Mariner 2.0\nAdded rust to CBL-Mariner 2.0\nAdded zlib to CBL-Mariner 2.0\nAdded boost to CBL-Mariner 2.0\nAdded tcl to CBL-Mariner 2.0"
        }
      ],
      "status": "final",
      "version": "16"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              },
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 zlib 1.3-1",
                "product": {
                  "name": "\u003cazl3 zlib 1.3-1",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 zlib 1.3-1",
                "product": {
                  "name": "azl3 zlib 1.3-1",
                  "product_id": "20146"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 zlib 1.2.13-2",
                "product": {
                  "name": "\u003ccbl2 zlib 1.2.13-2",
                  "product_id": "32"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 zlib 1.2.13-2",
                "product": {
                  "name": "cbl2 zlib 1.2.13-2",
                  "product_id": "18101"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 zlib 1.3.1-1",
                "product": {
                  "name": "\u003cazl3 zlib 1.3.1-1",
                  "product_id": "24"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 zlib 1.3.1-1",
                "product": {
                  "name": "azl3 zlib 1.3.1-1",
                  "product_id": "18109"
                }
              }
            ],
            "category": "product_name",
            "name": "zlib"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 keras 2.11.0-3",
                "product": {
                  "name": "\u003cazl3 keras 2.11.0-3",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 keras 2.11.0-3",
                "product": {
                  "name": "azl3 keras 2.11.0-3",
                  "product_id": "20167"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 keras 3.1.1-1",
                "product": {
                  "name": "\u003cazl3 keras 3.1.1-1",
                  "product_id": "25"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 keras 3.1.1-1",
                "product": {
                  "name": "azl3 keras 3.1.1-1",
                  "product_id": "18108"
                }
              }
            ],
            "category": "product_name",
            "name": "keras"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 cloud-hypervisor-cvm 38.0.72.2-1",
                "product": {
                  "name": "\u003ccbl2 cloud-hypervisor-cvm 38.0.72.2-1",
                  "product_id": "38"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 cloud-hypervisor-cvm 38.0.72.2-1",
                "product": {
                  "name": "cbl2 cloud-hypervisor-cvm 38.0.72.2-1",
                  "product_id": "16977"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 cloud-hypervisor-cvm 38.0.72.2-1",
                "product": {
                  "name": "\u003cazl3 cloud-hypervisor-cvm 38.0.72.2-1",
                  "product_id": "37"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 cloud-hypervisor-cvm 38.0.72.2-1",
                "product": {
                  "name": "azl3 cloud-hypervisor-cvm 38.0.72.2-1",
                  "product_id": "16982"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 cloud-hypervisor-cvm 38.0.72-1",
                "product": {
                  "name": "\u003ccbl2 cloud-hypervisor-cvm 38.0.72-1",
                  "product_id": "7"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 cloud-hypervisor-cvm 38.0.72-1",
                "product": {
                  "name": "cbl2 cloud-hypervisor-cvm 38.0.72-1",
                  "product_id": "19801"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 cloud-hypervisor-cvm 38.0.72-2",
                "product": {
                  "name": "\u003cazl3 cloud-hypervisor-cvm 38.0.72-2",
                  "product_id": "6"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 cloud-hypervisor-cvm 38.0.72-2",
                "product": {
                  "name": "azl3 cloud-hypervisor-cvm 38.0.72-2",
                  "product_id": "19807"
                }
              }
            ],
            "category": "product_name",
            "name": "cloud-hypervisor-cvm"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 rubygem-mini_portile2 2.8.0-1",
                "product": {
                  "name": "\u003ccbl2 rubygem-mini_portile2 2.8.0-1",
                  "product_id": "33"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 rubygem-mini_portile2 2.8.0-1",
                "product": {
                  "name": "cbl2 rubygem-mini_portile2 2.8.0-1",
                  "product_id": "18100"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 rubygem-mini_portile2 2.8.0-1",
                "product": {
                  "name": "\u003cazl3 rubygem-mini_portile2 2.8.0-1",
                  "product_id": "22"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 rubygem-mini_portile2 2.8.0-1",
                "product": {
                  "name": "azl3 rubygem-mini_portile2 2.8.0-1",
                  "product_id": "18111"
                }
              }
            ],
            "category": "product_name",
            "name": "rubygem-mini_portile2"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 tcl 8.6.13-3",
                "product": {
                  "name": "\u003ccbl2 tcl 8.6.13-3",
                  "product_id": "31"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 tcl 8.6.13-3",
                "product": {
                  "name": "cbl2 tcl 8.6.13-3",
                  "product_id": "18102"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 tcl 8.6.13-3",
                "product": {
                  "name": "\u003cazl3 tcl 8.6.13-3",
                  "product_id": "23"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 tcl 8.6.13-3",
                "product": {
                  "name": "azl3 tcl 8.6.13-3",
                  "product_id": "18110"
                }
              }
            ],
            "category": "product_name",
            "name": "tcl"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 rust 1.72.0-5",
                "product": {
                  "name": "\u003ccbl2 rust 1.72.0-5",
                  "product_id": "30"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 rust 1.72.0-5",
                "product": {
                  "name": "cbl2 rust 1.72.0-5",
                  "product_id": "18103"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 rust 1.85.0-1",
                "product": {
                  "name": "\u003cazl3 rust 1.85.0-1",
                  "product_id": "27"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 rust 1.85.0-1",
                "product": {
                  "name": "azl3 rust 1.85.0-1",
                  "product_id": "18106"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 rust 1.75.0-1",
                "product": {
                  "name": "\u003cazl3 rust 1.75.0-1",
                  "product_id": "34"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 rust 1.75.0-1",
                "product": {
                  "name": "azl3 rust 1.75.0-1",
                  "product_id": "17735"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 rust 1.75.0-14",
                "product": {
                  "name": "\u003cazl3 rust 1.75.0-14",
                  "product_id": "15"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 rust 1.75.0-14",
                "product": {
                  "name": "azl3 rust 1.75.0-14",
                  "product_id": "19671"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 rust 1.86.0-1",
                "product": {
                  "name": "\u003cazl3 rust 1.86.0-1",
                  "product_id": "14"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 rust 1.86.0-1",
                "product": {
                  "name": "azl3 rust 1.86.0-1",
                  "product_id": "19686"
                }
              }
            ],
            "category": "product_name",
            "name": "rust"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 cloud-hypervisor 32.0-2",
                "product": {
                  "name": "\u003ccbl2 cloud-hypervisor 32.0-2",
                  "product_id": "29"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 cloud-hypervisor 32.0-2",
                "product": {
                  "name": "cbl2 cloud-hypervisor 32.0-2",
                  "product_id": "18104"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 cloud-hypervisor 32.0-2",
                "product": {
                  "name": "\u003cazl3 cloud-hypervisor 32.0-2",
                  "product_id": "21"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 cloud-hypervisor 32.0-2",
                "product": {
                  "name": "azl3 cloud-hypervisor 32.0-2",
                  "product_id": "18112"
                }
              }
            ],
            "category": "product_name",
            "name": "cloud-hypervisor"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 boost 1.76.0-4",
                "product": {
                  "name": "\u003ccbl2 boost 1.76.0-4",
                  "product_id": "28"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 boost 1.76.0-4",
                "product": {
                  "name": "cbl2 boost 1.76.0-4",
                  "product_id": "18105"
                }
              }
            ],
            "category": "product_name",
            "name": "boost"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 blosc 1.21.6-1",
                "product": {
                  "name": "\u003cazl3 blosc 1.21.6-1",
                  "product_id": "26"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 blosc 1.21.6-1",
                "product": {
                  "name": "azl3 blosc 1.21.6-1",
                  "product_id": "18107"
                }
              }
            ],
            "category": "product_name",
            "name": "blosc"
          },
          {
            "category": "product_name",
            "name": "cbl2 rubygem-mini_portile2 2.8.0-1",
            "product": {
              "name": "cbl2 rubygem-mini_portile2 2.8.0-1",
              "product_id": "9"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 binutils 2.41-5",
            "product": {
              "name": "azl3 binutils 2.41-5",
              "product_id": "18"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 boost 1.83.0-2",
            "product": {
              "name": "azl3 boost 1.83.0-2",
              "product_id": "3"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 cloud-hypervisor 37.0-2",
            "product": {
              "name": "azl3 cloud-hypervisor 37.0-2",
              "product_id": "8"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 crash 8.0.4-4",
            "product": {
              "name": "azl3 crash 8.0.4-4",
              "product_id": "19"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 gcc 13.2.0-7",
            "product": {
              "name": "azl3 gcc 13.2.0-7",
              "product_id": "20"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 gdb 13.2-4",
            "product": {
              "name": "azl3 gdb 13.2-4",
              "product_id": "4"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 grpc 1.62.3-1",
            "product": {
              "name": "azl3 grpc 1.62.3-1",
              "product_id": "36"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 nmap 7.94-1",
            "product": {
              "name": "azl3 nmap 7.94-1",
              "product_id": "11"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 tensorflow 2.16.1-9",
            "product": {
              "name": "azl3 tensorflow 2.16.1-9",
              "product_id": "35"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 ceph 18.2.2-8",
            "product": {
              "name": "azl3 ceph 18.2.2-8",
              "product_id": "17"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 python-tensorboard 2.16.2-6",
            "product": {
              "name": "azl3 python-tensorboard 2.16.2-6",
              "product_id": "13"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 rubygem-mini_portile2 2.8.4-1",
            "product": {
              "name": "azl3 rubygem-mini_portile2 2.8.4-1",
              "product_id": "10"
            }
          },
          {
            "category": "product_name",
            "name": "cbl2 python-tensorboard 2.11.0-3",
            "product": {
              "name": "cbl2 python-tensorboard 2.11.0-3",
              "product_id": "12"
            }
          },
          {
            "category": "product_name",
            "name": "cbl2 ceph 16.2.10-7",
            "product": {
              "name": "cbl2 ceph 16.2.10-7",
              "product_id": "5"
            }
          },
          {
            "category": "product_name",
            "name": "cbl2 tensorflow 2.11.1-2",
            "product": {
              "name": "cbl2 tensorflow 2.11.1-2",
              "product_id": "16"
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 rubygem-mini_portile2 2.8.0-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-9"
        },
        "product_reference": "9",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 binutils 2.41-5 as a component of Azure Linux 3.0",
          "product_id": "17084-18"
        },
        "product_reference": "18",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 boost 1.83.0-2 as a component of Azure Linux 3.0",
          "product_id": "17084-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 cloud-hypervisor 37.0-2 as a component of Azure Linux 3.0",
          "product_id": "17084-8"
        },
        "product_reference": "8",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 crash 8.0.4-4 as a component of Azure Linux 3.0",
          "product_id": "17084-19"
        },
        "product_reference": "19",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 gcc 13.2.0-7 as a component of Azure Linux 3.0",
          "product_id": "17084-20"
        },
        "product_reference": "20",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 gdb 13.2-4 as a component of Azure Linux 3.0",
          "product_id": "17084-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 grpc 1.62.3-1 as a component of Azure Linux 3.0",
          "product_id": "17084-36"
        },
        "product_reference": "36",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 nmap 7.94-1 as a component of Azure Linux 3.0",
          "product_id": "17084-11"
        },
        "product_reference": "11",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 zlib 1.3-1 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 zlib 1.3-1 as a component of Azure Linux 3.0",
          "product_id": "20146-17084"
        },
        "product_reference": "20146",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 tensorflow 2.16.1-9 as a component of Azure Linux 3.0",
          "product_id": "17084-35"
        },
        "product_reference": "35",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 ceph 18.2.2-8 as a component of Azure Linux 3.0",
          "product_id": "17084-17"
        },
        "product_reference": "17",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
          "product_id": "17084-13"
        },
        "product_reference": "13",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 keras 2.11.0-3 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 keras 2.11.0-3 as a component of Azure Linux 3.0",
          "product_id": "20167-17084"
        },
        "product_reference": "20167",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 cloud-hypervisor-cvm 38.0.72.2-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-38"
        },
        "product_reference": "38",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 cloud-hypervisor-cvm 38.0.72.2-1 as a component of CBL Mariner 2.0",
          "product_id": "16977-17086"
        },
        "product_reference": "16977",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 rubygem-mini_portile2 2.8.0-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-33"
        },
        "product_reference": "33",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 rubygem-mini_portile2 2.8.0-1 as a component of CBL Mariner 2.0",
          "product_id": "18100-17086"
        },
        "product_reference": "18100",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 zlib 1.2.13-2 as a component of CBL Mariner 2.0",
          "product_id": "17086-32"
        },
        "product_reference": "32",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 zlib 1.2.13-2 as a component of CBL Mariner 2.0",
          "product_id": "18101-17086"
        },
        "product_reference": "18101",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 tcl 8.6.13-3 as a component of CBL Mariner 2.0",
          "product_id": "17086-31"
        },
        "product_reference": "31",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 tcl 8.6.13-3 as a component of CBL Mariner 2.0",
          "product_id": "18102-17086"
        },
        "product_reference": "18102",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 rust 1.72.0-5 as a component of CBL Mariner 2.0",
          "product_id": "17086-30"
        },
        "product_reference": "30",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 rust 1.72.0-5 as a component of CBL Mariner 2.0",
          "product_id": "18103-17086"
        },
        "product_reference": "18103",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 cloud-hypervisor 32.0-2 as a component of CBL Mariner 2.0",
          "product_id": "17086-29"
        },
        "product_reference": "29",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 cloud-hypervisor 32.0-2 as a component of CBL Mariner 2.0",
          "product_id": "18104-17086"
        },
        "product_reference": "18104",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 boost 1.76.0-4 as a component of CBL Mariner 2.0",
          "product_id": "17086-28"
        },
        "product_reference": "28",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 boost 1.76.0-4 as a component of CBL Mariner 2.0",
          "product_id": "18105-17086"
        },
        "product_reference": "18105",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 rust 1.85.0-1 as a component of Azure Linux 3.0",
          "product_id": "17084-27"
        },
        "product_reference": "27",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rust 1.85.0-1 as a component of Azure Linux 3.0",
          "product_id": "18106-17084"
        },
        "product_reference": "18106",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 blosc 1.21.6-1 as a component of Azure Linux 3.0",
          "product_id": "17084-26"
        },
        "product_reference": "26",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 blosc 1.21.6-1 as a component of Azure Linux 3.0",
          "product_id": "18107-17084"
        },
        "product_reference": "18107",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 cloud-hypervisor-cvm 38.0.72.2-1 as a component of Azure Linux 3.0",
          "product_id": "17084-37"
        },
        "product_reference": "37",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 cloud-hypervisor-cvm 38.0.72.2-1 as a component of Azure Linux 3.0",
          "product_id": "16982-17084"
        },
        "product_reference": "16982",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 keras 3.1.1-1 as a component of Azure Linux 3.0",
          "product_id": "17084-25"
        },
        "product_reference": "25",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 keras 3.1.1-1 as a component of Azure Linux 3.0",
          "product_id": "18108-17084"
        },
        "product_reference": "18108",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 zlib 1.3.1-1 as a component of Azure Linux 3.0",
          "product_id": "17084-24"
        },
        "product_reference": "24",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 zlib 1.3.1-1 as a component of Azure Linux 3.0",
          "product_id": "18109-17084"
        },
        "product_reference": "18109",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 tcl 8.6.13-3 as a component of Azure Linux 3.0",
          "product_id": "17084-23"
        },
        "product_reference": "23",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 tcl 8.6.13-3 as a component of Azure Linux 3.0",
          "product_id": "18110-17084"
        },
        "product_reference": "18110",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 rust 1.75.0-1 as a component of Azure Linux 3.0",
          "product_id": "17084-34"
        },
        "product_reference": "34",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rust 1.75.0-1 as a component of Azure Linux 3.0",
          "product_id": "17735-17084"
        },
        "product_reference": "17735",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 rubygem-mini_portile2 2.8.0-1 as a component of Azure Linux 3.0",
          "product_id": "17084-22"
        },
        "product_reference": "22",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rubygem-mini_portile2 2.8.0-1 as a component of Azure Linux 3.0",
          "product_id": "18111-17084"
        },
        "product_reference": "18111",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 cloud-hypervisor 32.0-2 as a component of Azure Linux 3.0",
          "product_id": "17084-21"
        },
        "product_reference": "21",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 cloud-hypervisor 32.0-2 as a component of Azure Linux 3.0",
          "product_id": "18112-17084"
        },
        "product_reference": "18112",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rubygem-mini_portile2 2.8.4-1 as a component of Azure Linux 3.0",
          "product_id": "17084-10"
        },
        "product_reference": "10",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 rust 1.75.0-14 as a component of Azure Linux 3.0",
          "product_id": "17084-15"
        },
        "product_reference": "15",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rust 1.75.0-14 as a component of Azure Linux 3.0",
          "product_id": "19671-17084"
        },
        "product_reference": "19671",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 python-tensorboard 2.11.0-3 as a component of CBL Mariner 2.0",
          "product_id": "17086-12"
        },
        "product_reference": "12",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 ceph 16.2.10-7 as a component of CBL Mariner 2.0",
          "product_id": "17086-5"
        },
        "product_reference": "5",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 tensorflow 2.11.1-2 as a component of CBL Mariner 2.0",
          "product_id": "17086-16"
        },
        "product_reference": "16",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 cloud-hypervisor-cvm 38.0.72-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-7"
        },
        "product_reference": "7",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 cloud-hypervisor-cvm 38.0.72-1 as a component of CBL Mariner 2.0",
          "product_id": "19801-17086"
        },
        "product_reference": "19801",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 cloud-hypervisor-cvm 38.0.72-2 as a component of Azure Linux 3.0",
          "product_id": "17084-6"
        },
        "product_reference": "6",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 cloud-hypervisor-cvm 38.0.72-2 as a component of Azure Linux 3.0",
          "product_id": "19807-17084"
        },
        "product_reference": "19807",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 rust 1.86.0-1 as a component of Azure Linux 3.0",
          "product_id": "17084-14"
        },
        "product_reference": "14",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 rust 1.86.0-1 as a component of Azure Linux 3.0",
          "product_id": "19686-17084"
        },
        "product_reference": "19686",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-45853",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "flags": [
        {
          "label": "component_not_present",
          "product_ids": [
            "17084-3",
            "17084-35",
            "17084-17",
            "17084-13",
            "17086-12",
            "17086-5",
            "17086-16"
          ]
        },
        {
          "label": "vulnerable_code_not_in_execute_path",
          "product_ids": [
            "17086-9",
            "17084-10"
          ]
        },
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "17084-18",
            "17084-8",
            "17084-19",
            "17084-20",
            "17084-4",
            "17084-36",
            "17084-11"
          ]
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "20146-17084",
          "20167-17084",
          "16977-17086",
          "18100-17086",
          "18101-17086",
          "18102-17086",
          "18103-17086",
          "18104-17086",
          "18105-17086",
          "18106-17084",
          "18107-17084",
          "16982-17084",
          "18108-17084",
          "18109-17084",
          "18110-17084",
          "17735-17084",
          "18111-17084",
          "18112-17084",
          "19671-17084",
          "19801-17086",
          "19807-17084",
          "19686-17084"
        ],
        "known_affected": [
          "17084-2",
          "17084-1",
          "17086-38",
          "17086-33",
          "17086-32",
          "17086-31",
          "17086-30",
          "17086-29",
          "17086-28",
          "17084-27",
          "17084-26",
          "17084-37",
          "17084-25",
          "17084-24",
          "17084-23",
          "17084-34",
          "17084-22",
          "17084-21",
          "17084-15",
          "17086-7",
          "17084-6",
          "17084-14"
        ],
        "known_not_affected": [
          "17086-9",
          "17084-18",
          "17084-3",
          "17084-8",
          "17084-19",
          "17084-20",
          "17084-4",
          "17084-36",
          "17084-11",
          "17084-35",
          "17084-17",
          "17084-13",
          "17084-10",
          "17086-12",
          "17086-5",
          "17086-16"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-45853 MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename comment or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version and exposes the applicable MiniZip code through its compress API. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-45853.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-10-16T00:00:00.000Z",
          "details": "1.3.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-2",
            "17084-24"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-16T00:00:00.000Z",
          "details": "3.1.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-1",
            "17084-25"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-16T00:00:00.000Z",
          "details": "-:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-38",
            "17084-37"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-16T00:00:00.000Z",
          "details": "2.8.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-33",
            "17084-22"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-16T00:00:00.000Z",
          "details": "1.2.13-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-32"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-16T00:00:00.000Z",
          "details": "8.6.13-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-31",
            "17084-23"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-16T00:00:00.000Z",
          "details": "1.72.0-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-30"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-16T00:00:00.000Z",
          "details": "32.0-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-29",
            "17084-21"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-16T00:00:00.000Z",
          "details": "1.76.0-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-28"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-16T00:00:00.000Z",
          "details": "1.85.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-27"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-16T00:00:00.000Z",
          "details": "1.21.6-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-26"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-16T00:00:00.000Z",
          "details": "1.75.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-34",
            "17084-15"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-16T00:00:00.000Z",
          "details": "38.0.72.2-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-7",
            "17084-6"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2023-10-16T00:00:00.000Z",
          "details": "Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-14"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "17084-2",
            "17084-1",
            "17086-38",
            "17086-33",
            "17086-32",
            "17086-31",
            "17086-30",
            "17086-29",
            "17086-28",
            "17084-27",
            "17084-26",
            "17084-37",
            "17084-25",
            "17084-24",
            "17084-23",
            "17084-34",
            "17084-22",
            "17084-21",
            "17084-15",
            "17086-7",
            "17084-6",
            "17084-14"
          ]
        }
      ],
      "title": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename comment or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version and exposes the applicable MiniZip code through its compress API."
    }
  ]
}


