Vulnerability CVE-2017-17969: Information
Description
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.
Severity: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
p7zip | sisyphus | 16.02-alt3 | 17.05-alt2 | ALT-PU-2018-2591-1 | 216092 | Fixed |
p7zip | p10 | 16.02-alt3 | 17.05-alt2 | ALT-PU-2018-2591-1 | 216092 | Fixed |
p7zip | p9 | 16.02-alt3 | 16.02-alt5 | ALT-PU-2018-2591-1 | 216092 | Fixed |
p7zip | c10f1 | 16.02-alt3 | 17.04-alt1 | ALT-PU-2018-2591-1 | 216092 | Fixed |
p7zip | c9f2 | 16.02-alt3 | 17.04-alt2 | ALT-PU-2018-2591-1 | 216092 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/ | |
[debian-lts-announce] 20180202 [SECURITY] [DLA 1268-1] p7zip security update | |
DSA-4104 | |
https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html | |
1040831 | |
USN-3913-1 | |