Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
References
Link | Resource |
---|---|
https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102/ | |
https://security.netapp.com/advisory/ntap-20231110-0007/ | Third Party Advisory |
https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/ | Issue Tracking Release Notes |
https://www.7-zip.org/download.html | Product |
https://www.zerodayinitiative.com/advisories/ZDI-23-1165/ | Third Party Advisory VDB Entry |
Configurations
History
20 Nov 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive. | |
References |
|
13 Nov 2023, 15:18
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | () https://security.netapp.com/advisory/ntap-20231110-0007/ - Third Party Advisory | |
References | (MISC) https://www.7-zip.org/download.html - Product | |
References | (MISC) https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/ - Issue Tracking, Release Notes | |
References | (MISC) https://www.zerodayinitiative.com/advisories/ZDI-23-1165/ - Third Party Advisory, VDB Entry | |
CWE | CWE-191 | |
First Time |
Linux linux Kernel
Linux Netapp oncommand Workflow Automation Netapp active Iq Unified Manager Netapp 7-zip 7-zip 7-zip |
10 Nov 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Nov 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-03 04:15
Updated : 2024-09-06 14:35
NVD link : CVE-2023-31102
Mitre link : CVE-2023-31102
CVE.ORG link : CVE-2023-31102
JSON object : View
Products Affected
netapp
- oncommand_workflow_automation
- active_iq_unified_manager
linux
- linux_kernel
7-zip
- 7-zip
CWE
CWE-191
Integer Underflow (Wrap or Wraparound)