Skip to main content
Skip table of contents

ISN 2023-33: Zlib Vulnerability

First published 18 December 2023

CVSS 3.1: 9.8 (Critical)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

A security vulnerability has been found in the Zlib compression library used in IGEL OS. This affects the following IGEL products:

  • IGEL OS 12
  • IGEL OS 11

Details

The MiniZip component in Zlib contains an integer overflow and resultant heap-based buffer overflow via a long filename, comment, or extra field. This could enable an attacker to execute arbitrary code via constructed input. This vulnerability is tracked as CVE-2023-45853 and rated critical.

Update Instructions

  • OS 12: Update to IGEL OS version 12.2.2 PR (Patch Release) 2 or 12.3.0 when available.
  • OS 11: Update to IGEL OS version 11.09.160 when available.

References

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.