CVE-2023-48106

Name of the Vulnerable Software and Affected Versions minizip-ng version 4.0.2

Description The issue is related to a Buffer Overflow in the mz path resolve function, located in the mz os.c file, which can be exploited by an attacker using a crafted file. This could allow a remote attacker to execute arbitrary code. The mz path resolve function is part of the minizip-ng library, used for working with zip files.

Recommendations For minizip-ng version 4.0.2, consider disabling the mz path resolve function until a patch is available to prevent potential exploitation. Restrict access to the mz os.c file and related components to minimize the risk of arbitrary code execution. Avoid using the mz path resolve function with untrusted input until the issue is resolved.