A key dependency of this project is the zlib library. zlib before version 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches according to CVE-2018-25032.
zlib 1.2.12 is included in macOS 10.15+ (with latest security patches), iOS 15.5+, tvOS 15.4+, watchOS 8.4+. As such, these OS versions will be the new minimums as of version 2.5.0 of ZipArchive.
If you are using an older version of ZipArchive, you are on your own for choosing to use a version of this package on OS versions that are vulnerable.
Actual behavior
The 2.2.3 package is vulnerable to CVE-2023-39136 vulnerability. All packages before 2.5.4 are vulnerable to this issue.
Expected behavior
Packages with no requirements to have iOS 15+ as the minimal iOS version have a fix for CVE-2023-39136 vulnerability.
Version of ZipArchive
Lower than 2.5.0
Environmental information
The minimal iOS version is 12.4