I had reported about a vulnerability in WinRAR in the blog post WinRAR Code Execution Vulnerability CVE-2023-40477 at the end of August. German blog reader Ralf later pointed out in the discussion area that vulnerabilities in the packing program 7-Zip had become public, and Stefan Kanthak also sent me a mail with hints (thanks for that). Two serious vulnerabilities were published by the Zero Day Initiative.

CVE-2023-31102

CVE-2023-31102 is a 7Z File Parsing Integer Underflow Remote Code Execution vulnerability in 7-Zip that has been assigned a CVSS score of 7.8 (i.e., high risk). The Zero Day Initiative writes that this vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability because the target must visit a malicious page or open a malicious file. The specific vulnerability exists in the analysis of 7Z files. The problem results from the lack of proper validation of user-supplied data, which can lead to an integer underflow before writing to memory. An attacker can exploit this vulnerability to execute code in the context of the current process.

CVE-2023-40481

CVE-2023-40481 is a SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution vulnerability in 7-Zip that has been assigned a CVSS score of 7.8 (i.e., high risk). The vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is also required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. The specific vulnerability arises during the analysis of SQFS files due to the lack of proper validation of user-supplied data. This can cause a write operation to exceed the end of an allocated buffer. An attacker can exploit this vulnerability to execute code in the context of the current process.

7-Zip is a popular open-source file compression and archiving utility that provides efficient and reliable data compression. One of the key features of 7-Zip is its ability to compress files with high compression ratios, resulting in smaller file sizes. With a user-friendly interface and wide compatibility, 7-Zip has become a go-to choice for many users.