You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
CVE-2023-45853 - Critical Severity Vulnerability
Vulnerable Library - nodev7.6.0
Node.js JavaScript runtime β¨π’πβ¨
Library home page: https://github.com/iojs/io.js.git
Found in HEAD commit: 269549b7a965a40a6e1f82f6c5dbf890108e54e6
Found in base branch: master
Vulnerable Source Files (3)
/node_modules/grpc/deps/grpc/third_party/zlib/contrib/minizip/zip.c
/node_modules/grpc/deps/grpc/third_party/zlib/contrib/minizip/zip.c
/node_modules/grpc/deps/grpc/third_party/zlib/contrib/minizip/zip.c
Vulnerability Details
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.
Publish Date: 2023-10-14
URL: CVE-2023-45853
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://security-tracker.debian.org/tracker/CVE-2023-45853
Release Date: 2023-10-14
Fix Resolution: v1.3.1
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: