search

microsoft / perfview

PerfView is a CPU and memory performance-analysis tool
http://channel9.msdn.com/Series/PerfView-Tutorial
MIT License
4.06k stars 696 forks source link

CVE-2023-45853 #1978

Closed SoftwareGuyRob closed 5 months ago

SoftwareGuyRob commented 6 months ago

Very closely related to this issue: https://github.com/microsoft/perfview/issues/1659

The new msdia file no longer has the vulnerability in the previous issue, but it does have a new one. https://nvd.nist.gov/vuln/detail/CVE-2023-45853

Microsoft.Diagnostics.Tracing.TraceEvent includes msdia140.dll as part of the nuget package. That dll has vulnerability CVE-2023-45853 as it includes zlib.

Can you please fix?

cincuranet commented 5 months ago

Hi, msdia140 is not affected by CVE-2023-45853.