916484 – (CVE-2023-45853) <sys-libs/zlib-1.2.13-r2[minizip]: Buffer overflow

Bug 916484 (CVE-2023-45853) - <sys-libs/zlib-1.2.13-r2[minizip]: Buffer overflow

Summary: <sys-libs/zlib-1.2.13-r2[minizip]: Buffer overflow

Status:	RESOLVED FIXED

Alias:	CVE-2023-45853

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal critical (vote)
Assignee:	Gentoo Security

URL:	http://www.openwall.com/lists/oss-sec...
Whiteboard:	A2 [glsa+]
Keywords:

Depends on:	916525
Blocks:
	Show dependency tree

Reported:	2023-10-29 11:21 UTC by Sam James
Modified:	2024-01-27 18:44 UTC (History)
CC List:	1 user (show)

See Also:	https://github.com/madler/zlib/pull/843 https://chromium-review.googlesource.com/c/chromium/src/+/4773479 https://chromium-review.googlesource.com/c/chromium/src/+/4769365 923035
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2023-10-29 11:21:44 UTC

"MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product."

Comment 1 Sam James archtester

2023-10-29 11:22:23 UTC

Note that minizip-ng is apparently not vulnerable: https://github.com/zlib-ng/minizip-ng/issues/735.

Comment 2 Larry the Git Cow gentoo-dev

2023-10-30 10:21:09 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d9718dafa6ecd841f4364f2ee0039613f0b8efec

commit d9718dafa6ecd841f4364f2ee0039613f0b8efec
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-10-30 10:16:13 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-10-30 10:19:02 +0000

    sys-libs/zlib: fix CVE-2023-45853
    
    Bug: https://bugs.gentoo.org/916484
    Signed-off-by: Sam James <sam@gentoo.org>

 .../zlib/files/zlib-1.2.13-CVE-2023-45853.patch    |  40 +++++
 sys-libs/zlib/zlib-1.2.13-r2.ebuild                | 184 +++++++++++++++++++++
 sys-libs/zlib/zlib-1.3-r2.ebuild                   | 179 ++++++++++++++++++++
 3 files changed, 403 insertions(+)

Comment 3 Larry the Git Cow gentoo-dev

2024-01-06 08:04:32 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=94c6e08a7720f558bb603793f8e4c2d70283c08f

commit 94c6e08a7720f558bb603793f8e4c2d70283c08f
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-01-06 08:04:09 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-01-06 08:04:19 +0000

    sys-libs/zlib: drop 1.2.13-r1, 1.2.13-r2, 1.3-r1
    
    Bug: https://bugs.gentoo.org/916484
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/zlib/Manifest              |   2 -
 sys-libs/zlib/zlib-1.2.13-r1.ebuild | 181 -----------------------------------
 sys-libs/zlib/zlib-1.2.13-r2.ebuild | 184 ------------------------------------
 sys-libs/zlib/zlib-1.3-r1.ebuild    | 176 ----------------------------------
 4 files changed, 543 deletions(-)

Comment 4 Larry the Git Cow gentoo-dev

2024-01-15 12:04:17 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=93dbf80a72b6cbaffc14d3cdc8167e7cfb1c6bdd

commit 93dbf80a72b6cbaffc14d3cdc8167e7cfb1c6bdd
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-15 12:02:56 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-15 12:04:10 +0000

    [ GLSA 202401-18 ] zlib: Buffer Overflow
    
    Bug: https://bugs.gentoo.org/916484
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-18.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)