REDHAT-BUG-2244556: Buffer Overflow
First published: Mon Oct 16 2023(Updated: )
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. <a href="https://www.winimage.com/zLibDll/minizip.html">https://www.winimage.com/zLibDll/minizip.html</a> <a href="https://github.com/madler/zlib/pull/843">https://github.com/madler/zlib/pull/843</a> <a href="https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356">https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356</a> <a href="https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61">https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61</a> <a href="https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4">https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| zlib MiniZip | <1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.winimage.com/zLibDll/minizip.html
- https://github.com/madler/zlib/pull/843
- https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356
- https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61
- https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2244558
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2244557
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2244559
- https://github.com/madler/zlib/pull/843/commits/431e66398552effd82d5c0ea982a521821782ebd
- https://access.redhat.com/errata/RHSA-2023:7626
- https://bugzilla.redhat.com/show_bug.cgi?id=2244556
Frequently Asked Questions
What is the severity of REDHAT-BUG-2244556?
The severity of REDHAT-BUG-2244556 is classified as critical due to the possibility of a heap-based buffer overflow.
How do I fix REDHAT-BUG-2244556?
To fix REDHAT-BUG-2244556, update MiniZip from zlib to a version newer than 1.3 that addresses the integer overflow.
What systems are affected by REDHAT-BUG-2244556?
REDHAT-BUG-2244556 affects systems using zlib MiniZip version up to 1.3.
What is the impact of REDHAT-BUG-2244556?
The impact of REDHAT-BUG-2244556 includes potential remote code execution due to a buffer overflow.
Is MiniZip supported in zlib concerning REDHAT-BUG-2244556?
No, MiniZip is not a supported part of the zlib product, as noted in REDHAT-BUG-2244556.
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-45853
- agent/last-modified-date
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/zlib
- canonical/zlib minizip