VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-t9z5-qvz6-aaam

Essentials
Severities (118)
References (28)
Severity details (32)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-t9z5-qvz6-aaam
Aliases	CVE-2023-45853 GHSA-mq29-j5xf-cjwr
Summary	MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-190	Integer Overflow or Wraparound
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-122	Heap-based Buffer Overflow

System	Score	Found at
cvssv3	5.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45853.json
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00299	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00299	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00310	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00369	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00369	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00369	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00369	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00369	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00369	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00369	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00369	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00369	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00369	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00369	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00382	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.00393	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.01098	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
epss	0.02829	https://api.first.org/data/v1/epss?cve=CVE-2023-45853
cvssv3.1	9.8	https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356
generic_textual	CRITICAL	https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356
cvssv3.1	9.8	https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61
generic_textual	CRITICAL	https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61
cvssv3.1	5.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-mq29-j5xf-cjwr
cvssv3.1	9.8	https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4
generic_textual	CRITICAL	https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4
cvssv3.1	9.8	https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c
generic_textual	CRITICAL	https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c
cvssv3.1	9.8	https://github.com/madler/zlib/pull/843
generic_textual	CRITICAL	https://github.com/madler/zlib/pull/843
cvssv3.1	9.8	https://github.com/smihica/pyminizip
generic_textual	CRITICAL	https://github.com/smihica/pyminizip
cvssv3.1	9.8	https://github.com/smihica/pyminizip/blob/master/zlib-1.2.11/contrib/minizip/zip.c
generic_textual	CRITICAL	https://github.com/smihica/pyminizip/blob/master/zlib-1.2.11/contrib/minizip/zip.c
cvssv3.1	9.8	https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html
generic_textual	CRITICAL	https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2023-45853
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2023-45853
cvssv3.1	9.8	https://pypi.org/project/pyminizip/#history
generic_textual	CRITICAL	https://pypi.org/project/pyminizip/#history
archlinux	Critical	https://security.archlinux.org/AVG-2847
cvssv3.1	9.8	https://security.netapp.com/advisory/ntap-20231130-0009
generic_textual	CRITICAL	https://security.netapp.com/advisory/ntap-20231130-0009
cvssv3.1	9.8	https://www.winimage.com/zLibDll/minizip.html
generic_textual	CRITICAL	https://www.winimage.com/zLibDll/minizip.html
cvssv3.1	9.8	http://www.openwall.com/lists/oss-security/2023/10/20/9
generic_textual	CRITICAL	http://www.openwall.com/lists/oss-security/2023/10/20/9
cvssv3.1	9.8	http://www.openwall.com/lists/oss-security/2024/01/24/10
generic_textual	CRITICAL	http://www.openwall.com/lists/oss-security/2024/01/24/10

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45853.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-45853
		https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356
		https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45853
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4
		https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c
		https://github.com/madler/zlib/pull/843
		https://github.com/smihica/pyminizip
		https://github.com/smihica/pyminizip/blob/master/zlib-1.2.11/contrib/minizip/zip.c
		https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html
		https://pypi.org/project/pyminizip/#history
		https://security.netapp.com/advisory/ntap-20231130-0009
		https://security.netapp.com/advisory/ntap-20231130-0009/
		https://www.winimage.com/zLibDll/minizip.html
		http://www.openwall.com/lists/oss-security/2023/10/20/9
		http://www.openwall.com/lists/oss-security/2024/01/24/10
1054290		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054290
2244556		https://bugzilla.redhat.com/show_bug.cgi?id=2244556
AVG-2847		https://security.archlinux.org/AVG-2847
cpe:2.3:a:smihica:pyminizip::::::python::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:smihica:pyminizip::::::python::*
cpe:2.3:a:zlib:zlib::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:zlib:zlib::::::::
CVE-2023-45853		https://nvd.nist.gov/vuln/detail/CVE-2023-45853
GHSA-mq29-j5xf-cjwr		https://github.com/advisories/GHSA-mq29-j5xf-cjwr
GLSA-202401-18		https://security.gentoo.org/glsa/202401-18
RHSA-2023:7626		https://access.redhat.com/errata/RHSA-2023:7626
USN-7107-1		https://usn.ubuntu.com/7107-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-45853.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/madler/zlib/pull/843

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/smihica/pyminizip

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/smihica/pyminizip/blob/master/zlib-1.2.11/contrib/minizip/zip.c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2023/11/msg00026.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-45853

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-45853

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://pypi.org/project/pyminizip/#history

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.netapp.com/advisory/ntap-20231130-0009

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://www.winimage.com/zLibDll/minizip.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2023/10/20/9

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2024/01/24/10

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.63903
EPSS Score	0.00248
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.