CVE-2023-31102

Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

History

20 Nov 2023, 00:15

Type Values Removed Values Added
Summary 7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive. Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
References
  • () https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102/ -

13 Nov 2023, 15:18

Type Values Removed Values Added
CPE cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
References () https://security.netapp.com/advisory/ntap-20231110-0007/ - () https://security.netapp.com/advisory/ntap-20231110-0007/ - Third Party Advisory
References (MISC) https://www.7-zip.org/download.html - (MISC) https://www.7-zip.org/download.html - Product
References (MISC) https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/ - (MISC) https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/ - Issue Tracking, Release Notes
References (MISC) https://www.zerodayinitiative.com/advisories/ZDI-23-1165/ - (MISC) https://www.zerodayinitiative.com/advisories/ZDI-23-1165/ - Third Party Advisory, VDB Entry
CWE CWE-191
First Time Linux linux Kernel
Linux
Netapp oncommand Workflow Automation
Netapp active Iq Unified Manager
Netapp
7-zip 7-zip
7-zip

10 Nov 2023, 18:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20231110-0007/ -

03 Nov 2023, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-03 04:15

Updated : 2024-09-06 14:35


NVD link : CVE-2023-31102

Mitre link : CVE-2023-31102

CVE.ORG link : CVE-2023-31102


JSON object : View

Products Affected

netapp

  • oncommand_workflow_automation
  • active_iq_unified_manager

linux

  • linux_kernel

7-zip

  • 7-zip
CWE
CWE-191

Integer Underflow (Wrap or Wraparound)