Library zlib has vulnerability CVE-2023-45853 #8167
Labels
Milestone
Comments
github-actions
bot
added
cve
libraries
|
osquery is not using or even compiling the MiniZip project, so it's not affected. |
|
While the fix looks ok it does have an unnecessary runtime performance penalty by doing strlen() on the filename and comment twice in that function. |
|
@Smjert: The CVE is not fixed in 1.3, please add the separate fix. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://nvd.nist.gov/vuln/detail/CVE-2023-45853
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.
The text was updated successfully, but these errors were encountered: