Are dbghelp.dll and msdia.dll impacted by zlib vulnerabilities: CVE-2023-45853 and CVE-2022-37434?

Question

Are dbghelp.dll and msdia.dll impacted by zlib vulnerabilities: CVE-2023-45853 and CVE-2022-37434?

Crisantos, Lennin 5

A software composition analysis tool found that dbghelp.dll and msdia.dll from Windows SDK use zlib version 1.2.11 and 1.2.12 respectively, and these versions of zlib are impacted by the CVE records CVE-2023-45853 and CVE-2022-37434.

Are dbghelp.dll and msdia.dll impacted by these vulnerabilities in zlib? If so, is there a plan to provide a new version that fixes these CVE records?

1 answer

Your answer

Answer 1

Jeanine Zhang-MSFT 11,356 Microsoft External Staff

Hi,

Welcome to Microsoft Q&A!

According to your description, it is related to security vulnerabilities, and it is out of the forum support.

If you want to resolve this issue as soon as possible, you can open an incident via Contact us tab at link below: https://developer.microsoft.com/en-us/windows/support/

Please choose the Technical Support - Coding/Debugging for Windows SDK for this issue. In-addition, if the support engineer determines that the issue is the result of a bug the service request will be a no-charge case and you won't be charged.

Thank you.

Jeanine

Crisantos, Lennin 5 Reputation points

2024-02-07T16:59:57.2833333+00:00

What's the right channel to get information about whether or not a CVE record affects Microsoft products? I tried MSRC and they redirected me here. Looks like "incidents" are for paid support, I don't want that, I want a "yes" or "no" answer to my question.
Crisantos, Lennin 5 Reputation points

2024-02-07T17:04:28.8733333+00:00

What's the right communication channel for security questions? I tried MSRC and was redirected here.

Share via

Are dbghelp.dll and msdia.dll impacted by zlib vulnerabilities: CVE-2023-45853 and CVE-2022-37434?

1 answer

Your answer