Are dbghelp.dll and msdia.dll impacted by zlib vulnerabilities: CVE-2023-45853 and CVE-2022-37434?

Crisantos, Lennin 5 Reputation points
2024-02-06T17:58:09.3366667+00:00

A software composition analysis tool found that dbghelp.dll and msdia.dll from the Windows SDK use zlib versions 1.2.11 and 1.2.12, respectively, and these versions of zlib are impacted by the CVE records CVE-2023-45853 and CVE-2022-37434.

Are dbghelp.dll and msdia.dll impacted by these vulnerabilities in zlib? If so, is there a plan to provide a new version that fixes these CVE records?

Visual Studio
Windows API - Win32

1 answer

  1. Jeanine Zhang-MSFT 11,181 Reputation points Microsoft External Staff
    2024-02-07T01:27:59.9733333+00:00

    Hi,

    Welcome to Microsoft Q&A!

    According to your description, this is related to security vulnerabilities, and it is outside the scope of forum support.

    If you want to resolve this issue as soon as possible, you can open an incident via the Contact us tab at the link below: https://developer.microsoft.com/en-us/windows/support/

    Please choose the Technical Support - Coding/Debugging for Windows SDK for this issue. In addition, if the support engineer determines that the issue is the result of a bug, the service request will be a no-charge case and you won't be charged.

    Thank you.

    Jeanine

