CVE-2023-46228

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-46228
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-46228.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-46228
Downstream
Related
Published
2023-10-19T05:15:58Z
Modified
2025-09-19T14:05:40.749357Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

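zchunk before 1.3.2 has multiple integer overflows, triggered by malformed zchunk files, in lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c. The affected range below records no fixed commit, so matching on the Git range alone leaves it open-ended; use the 1.3.2 version boundary stated here, or the signatures under "Database specific", which are all derived from commit 08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe (presumably the fix) and give these files under src/.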

References

Affected packages

Git / github.com/zchunk/zchunk

Affected ranges

Type
GIT
Repo
https://github.com/zchunk/zchunk
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.2.0
0.2.1
0.2.2
0.3.0
0.4.0
0.5.0
0.5.1
0.5.2
0.6.0
0.6.1
0.6.2
0.6.3
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.9.0
0.9.1
0.9.10
0.9.11
0.9.12
0.9.13
0.9.14
0.9.15
0.9.16
0.9.17
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.1.0
1.1.1
1.1.10
1.1.11
1.1.12
1.1.13
1.1.15
1.1.16
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.1

Database specific

{
    "vanir_signatures": [
        {
            "source": "https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/lib/comp/zstd/zstd.c",
                "function": "compress"
            },
            "digest": {
                "function_hash": "2116317224257454294444470908301265943",
                "length": 580.0
            },
            "id": "CVE-2023-46228-1df40f26"
        },
        {
            "source": "https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "src/lib/comp/zstd/zstd.c"
            },
            "digest": {
                "line_hashes": [
                    "151783038907820337332768032358069936399",
                    "218048448013390636466692561484580968765",
                    "129563666568855678901503818430373758513"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-46228-747b6bb1"
        },
        {
            "source": "https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "src/lib/comp/comp.c"
            },
            "digest": {
                "line_hashes": [
                    "50891357246931241428301543661903216855",
                    "268537691576956652042615154783358456337",
                    "170538780926449768924750984331119178741"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-46228-81123c35"
        },
        {
            "source": "https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/lib/comp/comp.c",
                "function": "comp_add_to_data"
            },
            "digest": {
                "function_hash": "220012156912174916747493423343082481611",
                "length": 586.0
            },
            "id": "CVE-2023-46228-a1bd9b51"
        },
        {
            "source": "https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/lib/header.c",
                "function": "read_lead"
            },
            "digest": {
                "function_hash": "83797794204366115809677520797476196854",
                "length": 3451.0
            },
            "id": "CVE-2023-46228-a394213e"
        },
        {
            "source": "https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/lib/header.c",
                "function": "read_header_from_file"
            },
            "digest": {
                "function_hash": "253489117099936424379553422065609071456",
                "length": 1798.0
            },
            "id": "CVE-2023-46228-b6f560c2"
        },
        {
            "source": "https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "src/lib/dl/multipart.c"
            },
            "digest": {
                "line_hashes": [
                    "230421266848289640699986192628521717271",
                    "89038708868757367182763429977579764585",
                    "131858190201161542646776539494902602956",
                    "60132037257554523858825685583915777398"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-46228-d821f501"
        },
        {
            "source": "https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Line",
            "target": {
                "file": "src/lib/header.c"
            },
            "digest": {
                "line_hashes": [
                    "37353088196060664847905898572083899040",
                    "163255460043458710172501678537815138093",
                    "254515630263590307499837953728818130145",
                    "139931775442813519254309758815221493457",
                    "320406029921286300374261774297781916014",
                    "84563566591409761282529658102738365762",
                    "8963460849298768246649223443021744101",
                    "311903566025902104718590836131101037335",
                    "286400840599873318921555913118409240785",
                    "63216186987284058251629869691277920674"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2023-46228-e20d5be4"
        },
        {
            "source": "https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe",
            "signature_version": "v1",
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "file": "src/lib/dl/multipart.c",
                "function": "multipart_extract"
            },
            "digest": {
                "function_hash": "264856671191392251456041341874161471918",
                "length": 2334.0
            },
            "id": "CVE-2023-46228-ee0d9196"
        }
    ]
}