cve/2023/CVE-2023-45853.md

### [CVE-2023-45853](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45853)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/DmitryIll/shvirtd-example-python
- https://github.com/GrigGM/05-virt-04-docker-hw
- https://github.com/bariskanber/zlib-1.3-deb
- https://github.com/bartvoet/assignment-ehb-security-review-adamlenez
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/fokypoky/places-list
- https://github.com/jina-ai/reader
- https://github.com/marklogic/marklogic-kubernetes
- https://github.com/shakyaraj9569/Documentation