CVE-2023-45853: overflows in MiniZip in zlib through 1.3

Open Source Security 

Posted by Alan Coopersmith on Oct 20

CVE-2023-45853 was published last week for:

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based
buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or
extra field. NOTE: MiniZip is not a supported part of the zlib product.

where "long" means "longer than can be stored in the 16-bit length value used
for the length of these fields".

minizip is part of the contrib…
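
The 16-bit limit described above, as an added example that is not part of the original post or of minizip: a caller-side guard that rejects a filename, extra field, or comment too long for a 16-bit length field, next to a helper showing what such a field holds when a longer length is stored unchecked. All function, enum, and macro names here are hypothetical, and the sample filenames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The length fields discussed above are 16 bits wide. */
#define ZIP_FIELD_MAX 0xFFFFu

enum zip_len_status { ZIP_LEN_OK = 0, ZIP_LEN_FILENAME_TOO_LONG,
                      ZIP_LEN_EXTRA_TOO_LONG, ZIP_LEN_COMMENT_TOO_LONG };

/* Value a 16-bit field ends up holding if a size_t length is stored unchecked. */
static uint16_t stored_length(size_t len)
{
    return (uint16_t)len; /* only the low 16 bits survive */
}

/* Hypothetical caller-side guard (not a minizip function). NULL counts as empty. */
static enum zip_len_status check_zip_entry_lengths(const char *filename,
        size_t extra_local_len, size_t extra_global_len, const char *comment)
{
    if (filename && strlen(filename) > ZIP_FIELD_MAX)
        return ZIP_LEN_FILENAME_TOO_LONG;
    if (extra_local_len > ZIP_FIELD_MAX || extra_global_len > ZIP_FIELD_MAX)
        return ZIP_LEN_EXTRA_TOO_LONG;
    if (comment && strlen(comment) > ZIP_FIELD_MAX)
        return ZIP_LEN_COMMENT_TOO_LONG;
    return ZIP_LEN_OK;
}

/* Builds a constructed filename of n 'A' bytes and runs the guard on it.
 * Returns -1 if the allocation fails. */
static int status_for_name_of_length(size_t n)
{
    char *name = malloc(n + 1);
    int status;
    if (name == NULL) return -1;
    memset(name, 'A', n);
    name[n] = '\0';
    status = (int)check_zip_entry_lengths(name, 0, 0, "constructed comment");
    free(name);
    return status;
}

int main(void)
{
    printf("65535 -> field %u, status %d\n", (unsigned)stored_length(65535), status_for_name_of_length(65535));
    printf("65536 -> field %u, status %d\n", (unsigned)stored_length(65536), status_for_name_of_length(65536));
    return 0;
}
```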