CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-31102 – 7-Zip 7Z File Parsing Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-31102
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. 7-Zip hasta 22.01 en Linux permite un desbordamiento de números enteros y la ejecución de código a través de un archivo 7Z manipulado. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 7Z files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102 https://security.netapp.com/advisory/ntap-20231110-0007 https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269 https://www.7-zip.org/download.html https://www.zerodayinitiative.com/advisories/ZDI-23-1165 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40481 – 7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-40481
7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SQFS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269 https://www.zerodayinitiative.com/advisories/ZDI-23-1164 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47069
https://notcve.org/view.php?id=CVE-2022-47069
p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. • https://sourceforge.net/p/p7zip/bugs/241 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 6CVE-2022-29072
https://notcve.org/view.php?id=CVE-2022-29072
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur **EN DISPUTA** 7-Zip hasta la versión 21.07 en Windows permite la escalada de privilegios y la ejecución de comandos cuando se arrastra un archivo con la extensión .7z al área de Ayuda>Contenido. Esto es causado por una mala configuración de 7z.dll y un desbordamiento de la pila. • https://github.com/kagancapar/CVE-2022-29072 https://github.com/tiktb8/CVE-2022-29072 https://github.com/sentinelblue/CVE-2022-29072 https://github.com/rasan2001/CVE-2022-29072 http://packetstormsecurity.com/files/166763/7-Zip-21.07-Code-Execution-Privilege-Escalation.html https://news.ycombinator.com/item?id=31070256 https://sourceforge.net/p/sevenzip/bugs/2337 https://www.youtube.com/watch?v=sT1cvbu7ZTA • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 1CVE-2018-10115
https://notcve.org/view.php?id=CVE-2018-10115
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. La lógica incorrecta de objetos de descodificador RAR en 7-Zip 18.03 y anteriores puede conducir al uso de memoria no inicializada, lo que permite que atacantes remotos provoquen una denegación de servicio (fallo de segmentación) o ejecuten código arbitrario mediante un archivo RAR manipulado. • http://www.securityfocus.com/bid/104132 http://www.securitytracker.com/id/1040832 https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa • CWE-665: Improper Initialization CWE-908: Use of Uninitialized Resource •