mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-05 10:17:57 +00:00
1.3 KiB
1.3 KiB
CVE-2023-45853
Description
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
POC
Reference
No PoCs from references.
Github
- https://github.com/13m0n4de/neko-quiz
- https://github.com/DmitryIll/shvirtd-example-python
- https://github.com/GrigGM/05-virt-04-docker-hw
- https://github.com/bariskanber/zlib-1.3-deb
- https://github.com/bartvoet/assignment-ehb-security-review-adamlenez
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/fokypoky/places-list
- https://github.com/jina-ai/reader
- https://github.com/marklogic/marklogic-kubernetes
- https://github.com/ministryofjustice/cica-apply-data-capture-service
- https://github.com/shakyaraj9569/Documentation