DEBIAN-CVE-2023-45853

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-45853

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-45853.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-45853

Upstream

CVE-2023-45853

Published

2023-10-14T02:15:09Z

Modified

2025-09-25T23:28:50.392716Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.

References

https://security-tracker.debian.org/tracker/CVE-2023-45853

Affected packages

Debian:11

minizip

Package

Name: minizip
Purl: pkg:deb/debian/minizip?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1-8+deb11u1

Affected versions

1.*

1.1-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

zlib

Package

Name: zlib
Purl: pkg:deb/debian/zlib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:1.*

1:1.2.11.dfsg-2

1:1.2.11.dfsg-2+deb11u1

1:1.2.11.dfsg-2+deb11u2

1:1.2.11.dfsg-3

1:1.2.11.dfsg-4

1:1.2.11.dfsg-4.1

1:1.2.13.dfsg-1

1:1.2.13.dfsg-2

1:1.2.13.dfsg-3

1:1.3.dfsg-1

1:1.3.dfsg-2

1:1.3.dfsg-3

1:1.3.dfsg-3.1~exp1

1:1.3.dfsg-3.1

1:1.3.dfsg+really1.3.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12

minizip

Package

Name: minizip
Purl: pkg:deb/debian/minizip?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1-8+deb12u1

Affected versions

1.*

1.1-8

Ecosystem specific

{
    "urgency": "not yet assigned"
}

zlib

Package

Name: zlib
Purl: pkg:deb/debian/zlib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:1.*

1:1.2.13.dfsg-1

1:1.2.13.dfsg-2

1:1.2.13.dfsg-3

1:1.3.dfsg-1

1:1.3.dfsg-2

1:1.3.dfsg-3

1:1.3.dfsg-3.1~exp1

1:1.3.dfsg-3.1

1:1.3.dfsg+really1.3.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13

zlib

Package

Name: zlib
Purl: pkg:deb/debian/zlib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.3.dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14

zlib

Package

Name: zlib
Purl: pkg:deb/debian/zlib?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.3.dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}