List: oss-security
Subject: Re: [oss-security] CVE-2023-45853: overflows in MiniZip in zlib through 1.3
From: Alan Coopersmith <alan.coopersmith () oracle ! com>
Date: 2024-01-24 19:31:36
Message-ID: f9f01b3b-a4cd-444e-bc3f-ad602ff8d587 () oracle ! com
On 10/20/23 11:42, Alan Coopersmith wrote:
> CVE-2023-45853 was published last week for:
>
> MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based
> buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or
> extra field. NOTE: MiniZip is not a supported part of the zlib product.
>
> where "long" means "longer than can be stored in the 16-bit length value used
> for the length of these fields".
>
> minizip is part of the contrib directory in zlib, which doesn't seem to be built
> by default as far as I can tell, yet NVD has assigned a CVSS of 9.8 to make CVE
> scanners scream at full volume, while Red Hat went with a CVSS of 5.3 instead:
>
> https://access.redhat.com/security/cve/CVE-2023-45853#cve-cvss-v3
>
> A fix has been checked into the upstream git repo:
> https://github.com/madler/zlib/pull/843
> but a release has not yet been made including it.
The fix was included in this week's zlib 1.3.1 release:
https://github.com/madler/zlib/releases/tag/v1.3.1
That release also contains a fix for CVE-2014-9485, a path traversal
vulnerability, in the miniunz program from the minizip contrib directory:
https://github.com/madler/zlib/commit/14a5f8f266c16c87ab6c086fc52b770b27701e01
--
-Alan Coopersmith- alan.coopersmith@oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
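As an added illustration of the length limit Alan describes (not code from zlib, minizip or this thread): the ZIP local-file and central-directory headers record the filename, extra-field and comment lengths as unsigned 16-bit values, so any length above 0xFFFF wraps when stored, and the header then describes fewer bytes than were actually supplied. The pre-flight wrapper below (hypothetical name, not a minizip API) rejects such entries before they reach zipOpenNewFileInZip4_64.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Format limit: the ZIP header stores each of the filename, extra-field and
 * comment lengths in an unsigned 16-bit field. */
#define ZIP_FIELD_MAX 0xFFFFu

/* Value a length would be recorded as in the 16-bit header field.
 * For len > ZIP_FIELD_MAX the value wraps (e.g. 70000 becomes 4464), so the
 * header would claim a shorter field than the bytes actually written. */
uint16_t zip_header_len(size_t len) {
    return (uint16_t)(len & ZIP_FIELD_MAX);
}

/* 1 if the length fits the header field without wrapping, 0 otherwise. */
int zip_field_len_ok(size_t len) {
    return len <= ZIP_FIELD_MAX;
}

/* Hypothetical guard (not part of minizip) to call before
 * zipOpenNewFileInZip4_64: rejects an entry whose filename, extra field or
 * comment cannot be described by the 16-bit header fields. Returns 1 when
 * all three lengths are representable, 0 when any of them would wrap. */
int zip_entry_fields_ok(const char *filename,
                        const void *extra, size_t extra_len,
                        const char *comment) {
    size_t name_len = filename ? strlen(filename) : 0;
    size_t comment_len = comment ? strlen(comment) : 0;
    (void)extra; /* only the declared length matters for the header check */
    return zip_field_len_ok(name_len)
        && zip_field_len_ok(extra_len)
        && zip_field_len_ok(comment_len);
}
```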