CVSS 3.1 Score 8.8 of 10 (high)


Published Nov 22, 2023
Updated: Dec 27, 2023
CWE ID 787


CVE-2023-48107 is a buffer overflow vulnerability in zlib-ng minizip-ng v.4.0.2. It allows an attacker to execute arbitrary code via a crafted file; the flaw is in the mz_path_has_slash function of the mz_os.c file. The affected products include to8Q2a. The base severity is rated HIGH, with a base score of 8.8 out of 10; the exploitability score is 2.8 and the impact score is 5.9. No privileges are required for exploitation, but user interaction is required. The attack vector is network, and both the integrity and confidentiality impacts are rated HIGH. The vulnerability poses a significant danger to organizations that use the affected product, as it can result in unauthorized code execution and potential compromise of sensitive data.

