7.8

CVE-2023-31102

Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
7-zip7-zip Version < 22.01
   LinuxLinux Kernel Version-
NetappActive Iq Unified Manager Version- SwPlatformwindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 71.04% 0.993
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102/
https://security.netapp.com/advisory/ntap-20231110-0007/
Third Party Advisory
https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
Release Notes
Issue Tracking
https://www.7-zip.org/download.html
Product
https://www.zerodayinitiative.com/advisories/ZDI-23-1165/
Third Party Advisory
VDB Entry