CVE-2023-48106

8.8 HIGH

📋 TL;DR

A buffer overflow vulnerability in zlib-ng's minizip-ng library allows attackers to execute arbitrary code by providing a specially crafted file to the mz_path_resolve function. This affects any software using minizip-ng v4.0.2 for file compression/decompression operations. Systems processing untrusted archive files are particularly vulnerable.

💻 Affected Systems

Products:
  • minizip-ng
  • zlib-ng
  • any software embedding minizip-ng library
Versions: minizip-ng v4.0.2
Operating Systems: All platforms where minizip-ng is used
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where minizip-ng processes untrusted files. The vulnerability is in the library itself and does not depend on specific configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the application using minizip-ng, potentially leading to complete system compromise.

🟠 Likely Case

Application crash (denial of service) or limited code execution depending on exploit sophistication and system protections.

🟢 If Mitigated

Application crash with no code execution if modern exploit mitigations (ASLR, DEP) are effective.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires an attacker to provide a crafted file, which could be delivered via email, downloads, or other file transfer mechanisms. Exploit development is straightforward because the flaw is a buffer overflow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: minizip-ng v4.0.3 and later

Vendor Advisory: https://github.com/zlib-ng/minizip-ng/issues/740

Restart Required: Yes

Instructions:

1. Update minizip-ng to version 4.0.3 or later.
2. Rebuild any applications using the library.
3. Restart affected services or applications.

🔧 Temporary Workarounds

Input validation

all

Implement strict validation of file paths before passing to minizip-ng functions

Sandboxing

all

Run minizip-ng processes in isolated containers or with reduced privileges

🧯 If You Can't Patch

  • Implement network segmentation to limit access to vulnerable systems
  • Deploy application allowlisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check if minizip-ng version 4.0.2 is installed or if applications link to this version of the library

Check Version:

For Linux (Debian/Ubuntu): dpkg -l | grep minizip-ng
For Linux (RPM-based): rpm -qa | grep minizip-ng

Verify Fix Applied:

Verify minizip-ng version is 4.0.3 or later and applications have been rebuilt with the updated library
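
A version check for the steps above, as an added example that is not part of the original advisory: it reads dpkg -l or rpm -qa output and labels each minizip-ng package against the affected (4.0.2) and fixed (4.0.3 and later) releases stated on this page. The function names and the sample package rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): classify minizip-ng package versions
# against the page's affected release (4.0.2) and fixed release (4.0.3+).

# Strip a packaging epoch ("1:") and revision/suffix ("-1", "+dfsg") so only
# the upstream x.y.z version remains.
upstream_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/[^0-9.].*$//'
}

# Print affected | fixed | not-listed | unknown for one version string.
classify_version() {
    upstream_version "$1" | awk -F'[.]' '
        NF < 3       { print "unknown"; next }
        { n = $1 * 1000000 + $2 * 1000 + $3 }
        n == 4000002 { print "affected"; next }
        n >= 4000003 { print "fixed"; next }
                     { print "not-listed" }'
}

# Read `dpkg -l` or `rpm -qa` output on stdin; print "name version status"
# for every package whose line mentions minizip-ng.
scan_packages() {
    grep 'minizip-ng' | awk '
        # dpkg -l row: two-letter status, name, version, ...
        $1 ~ /^[a-z][a-zA-Z]$/ && NF >= 3 { print $2, $3; next }
        # rpm -qa row: name-version-release.arch
        { n = split($1, f, "-")
          if (n < 3) next
          name = f[1]
          for (i = 2; i <= n - 2; i++) name = name "-" f[i]
          print name, f[n - 1] }' |
    while read -r name ver; do
        printf '%s %s %s\n' "$name" "$ver" "$(classify_version "$ver")"
    done
}

# Constructed sample listing; package names and revisions are illustrative.
sample_listing() {
    cat <<'EOF'
ii  libminizip-ng4:amd64  4.0.2-1  amd64  constructed dpkg -l row
minizip-ng-4.0.3-2.fc39.x86_64
minizip-ng-devel-3.0.10-1.el9.x86_64
EOF
}

sample_listing | scan_packages
```

On a host, pipe the real listing in (dpkg -l | scan_packages or rpm -qa | scan_packages). A distribution can backport the fix without changing the upstream version, so an "affected" result is a prompt to check the package changelog, and copies of the library built into an application are not visible to the package manager at all.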

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Unusual file processing errors in application logs

Network Indicators:

  • Unexpected file transfers to systems using minizip-ng

SIEM Query:

source="application_logs" AND ("segmentation fault" OR "buffer overflow" OR "mz_path_resolve")
