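MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. NOTE: the signatures that follow target contrib/infback9/inftree9.c, inftrees.c, and deflate.c, none of which is a MiniZip source file, so a signature match does not by itself show that the MiniZip code containing zipOpenNewFileInZip4_64 is present, built, or reachable; confirm that separately.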
{ "vanir_signatures": [ { "target": { "file": "contrib/infback9/inftree9.c" }, "signature_type": "Line", "digest": { "line_hashes": [ "215690993403917231272694230425219987002", "7019122414051018615790014750645896555", "255906567231977922390158965099391548767", "2979242068947975725579226479034357614", "183751973083521201577729731315703301636", "248844941626262695281549603824626887338", "320788635962490165830021216345105451853", "139412783718332547720366439434782111756" ], "threshold": 0.9 }, "id": "CVE-2023-45853-25ba5c2b", "signature_version": "v1", "deprecated": false, "source": "https://github.com/madler/zlib/commit/51b7f2abdade71cd9bb0e7a373ef2610ec6f9daf" }, { "target": { "file": "inftrees.c" }, "signature_type": "Line", "digest": { "line_hashes": [ "146082642291687623367597030759784561315", "152050153557000594638610353463892202290", "167871161695338292225404021815429421053", "226964300907398093233119743133210393617", "210714638011015966034035419241960876875", "299788994572251005544425986055084261218", "278248442459515735326130533085265985381", "222024272414522711481295922899227189988" ], "threshold": 0.9 }, "id": "CVE-2023-45853-6a37fcaf", "signature_version": "v1", "deprecated": false, "source": "https://github.com/madler/zlib/commit/51b7f2abdade71cd9bb0e7a373ef2610ec6f9daf" }, { "target": { "file": "deflate.c" }, "signature_type": "Line", "digest": { "line_hashes": [ "178093991456060150070942589027539997666", "67123618263193801280741285694335332119", "140132922840055513513963220051526309244" ], "threshold": 0.9 }, "id": "CVE-2023-45853-b4d1ee7a", "signature_version": "v1", "deprecated": false, "source": "https://github.com/madler/zlib/commit/51b7f2abdade71cd9bb0e7a373ef2610ec6f9daf" } ] }