ISN 2023-33: Zlib Vulnerability
First published 18 December 2023
CVSS 3.1: 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A security vulnerability has been found in the Zlib compression library used in IGEL OS. This affects the following IGEL products:
- IGEL OS 12
- IGEL OS 11
Details
The MiniZip component shipped with Zlib (contrib/minizip, which upstream notes is not a supported part of the zlib product itself) contains an integer overflow in zipOpenNewFileInZip4_64 and a resultant heap-based buffer overflow when an over-long filename, comment, or extra field is supplied while an archive entry is being written: the field lengths are summed in a 32-bit unsigned integer, the wrapped result is used to size a heap buffer, and the full-length fields are then copied into it. An attacker who can influence those fields could execute arbitrary code via crafted input. The issue is tracked as CVE-2023-45853, affects zlib through 1.3, is fixed upstream in zlib 1.3.1, and is rated critical.
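The following is an added, constructed illustration of the bug class described above; it is not MiniZip's, zlib's or IGEL's code. It keeps the 46-byte fixed central-directory header size that the ZIP format (and MiniZip's SIZECENTRALHEADER) uses, shows the unchecked 32-bit length sum wrapping, detects in 64-bit arithmetic that a writer trusting that sum would overrun its heap buffer (nothing is actually overrun), and contrasts it with a hardened size computation that rejects any field longer than the 16-bit on-disk length field before doing arithmetic. The function names and the sample lengths are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Fixed part of a ZIP central directory file header (ZIP APPNOTE); MiniZip
 * uses the same value. The three variable-length fields that follow it
 * (filename, extra field, comment) are what CVE-2023-45853 is about. */
#define SIZECENTRALHEADER 46u

/* Vulnerable pattern (illustrative, not MiniZip's own code): the lengths are
 * added in a 32-bit unsigned int, like MiniZip's uInt. If the sum exceeds
 * 2^32 - 1 it wraps silently, so the caller allocates far less than it
 * will later write. */
uint32_t central_header_size_vuln(uint32_t fname_len, uint32_t extra_len,
                                  uint32_t comment_len)
{
    return SIZECENTRALHEADER + fname_len + extra_len + comment_len; /* may wrap */
}

/* Would a writer that trusts the wrapped size overrun its heap buffer?
 * It allocates central_header_size_vuln() bytes and then copies all three
 * fields at their true lengths. Evaluated in 64-bit arithmetic so the
 * example only reports the overrun instead of performing it. */
int would_overrun_heap(uint32_t fname_len, uint32_t extra_len, uint32_t comment_len)
{
    uint64_t allocated = central_header_size_vuln(fname_len, extra_len, comment_len);
    uint64_t written = (uint64_t)SIZECENTRALHEADER + fname_len + extra_len + comment_len;
    return written > allocated;
}

/* Hardened form: each variable-length field is stored in a 16-bit length
 * field on disk, so anything above 0xffff is invalid before any arithmetic
 * happens; the sum is then formed in 64 bits and range-checked.
 * Returns 0 on rejection (a real header is never shorter than 46 bytes,
 * so 0 is unambiguous). */
uint32_t central_header_size_safe(size_t fname_len, size_t extra_len, size_t comment_len)
{
    if (fname_len > 0xffff || extra_len > 0xffff || comment_len > 0xffff)
        return 0;
    uint64_t total = (uint64_t)SIZECENTRALHEADER + fname_len + extra_len + comment_len;
    if (total > UINT32_MAX)   /* unreachable after the 16-bit checks; kept as defence in depth */
        return 0;
    return (uint32_t)total;
}

int main(void)
{
    /* Constructed inputs: a 0xfffffff0-byte filename plus a 32-byte comment. */
    uint32_t f = 0xfffffff0u, e = 0u, c = 0x20u;
    printf("wrapped size   : %u bytes (true size %llu)\n",
           central_header_size_vuln(f, e, c),
           (unsigned long long)SIZECENTRALHEADER + f + e + c);
    printf("heap overrun   : %s\n", would_overrun_heap(f, e, c) ? "yes" : "no");
    printf("hardened size  : %u (0 = rejected)\n", central_header_size_safe(f, e, c));
    printf("ordinary entry : %u\n", central_header_size_safe(12, 0, 0));
    return 0;
}
```

The point to take from the hardened version is the order of checks: bound each length against what the file format can represent first, then do the addition in a type wide enough that it cannot wrap, rather than checking the result of an addition that has already wrapped.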
Update Instructions
- OS 12: Update to IGEL OS version 12.2.2 PR (Patch Release) 2 or 12.3.0 when available.
- OS 11: Update to IGEL OS version 11.09.160 when available.
References
- CVE-2023-45853: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45853