admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-45853.md
0xMarcio 4edef1e4c8 Update CVE sources 2024-05-28 08:49
2024-05-28 08:49:17 +00:00

26 lines
1.2 KiB
Markdown
Raw Blame History

### [CVE-2023-45853](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45853)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/DmitryIll/shvirtd-example-python
- https://github.com/GrigGM/05-virt-04-docker-hw
- https://github.com/bariskanber/zlib-1.3-deb
- https://github.com/bartvoet/assignment-ehb-security-review-adamlenez
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/fokypoky/places-list
- https://github.com/jina-ai/reader
- https://github.com/marklogic/marklogic-kubernetes
- https://github.com/shakyaraj9569/Documentation
Reference in New Issue View Git Blame Copy Permalink