The problem results from the lack of proper validation of user-supplied data, which can lead to an integer underflow before writing to memory. The specific vulnerability exists in the parsing of 7Z files. User interaction is required to exploit this vulnerability because the target must visit a malicious page or open a malicious file. The Zero Day Initiative writes that this vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. CVE-2023-31102 is a 7Z File Parsing Integer Underflow Remote Code Execution vulnerability in 7-Zip that has been assigned a CVE score of 7.8 (i.e., risk is high). Two serious vulnerabilities were published by the Zero Day Initiative. German blog reader Ralf later pointed out in the discussion area that vulnerabilities in the packing program 7-Zip have become public, and Stefan Kanthak also sent me a mail with hints (thanks for that). I had reported about a vulnerability in WinRAR in the blog post WinRAR Code Execution Vulnerability CVE-2023-40477 at the end of August.
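To illustrate the bug class described above (an unvalidated length field that underflows before a memory write), here is an added example; it is not 7-Zip's code and does not reproduce CVE-2023-31102. The record layout, `HDR_LEN` and all function names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 8u /* hypothetical fixed header: [u32 total_len LE][u32 tag] */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed length math: if total_len < HDR_LEN the unsigned subtraction
 * wraps to a value near 4 GiB. This function only computes the length
 * to show the wrap; it copies nothing. */
uint32_t payload_len_unchecked(const uint8_t *rec) {
    return rd32(rec) - HDR_LEN;
}

/* Hardened form: validate the attacker-controlled field before the
 * subtraction, then bound it against both the input and the output.
 * Returns the number of payload bytes copied, or -1 on rejection. */
long copy_payload_checked(const uint8_t *rec, size_t rec_avail,
                          uint8_t *out, size_t out_cap) {
    if (rec_avail < HDR_LEN) return -1;  /* header itself is truncated */
    uint32_t total = rd32(rec);
    if (total < HDR_LEN) return -1;      /* subtraction would underflow */
    if (total > rec_avail) return -1;    /* claims more bytes than present */
    size_t n = (size_t)total - HDR_LEN;
    if (n > out_cap) return -1;          /* would overrun the destination */
    memcpy(out, rec + HDR_LEN, n);
    return (long)n;
}

int main(void) {
    /* Constructed samples: total_len = 3 (malformed) and 12 (valid). */
    const uint8_t bad[8] = {3, 0, 0, 0, 0, 0, 0, 0};
    const uint8_t good[12] = {12, 0, 0, 0, 1, 0, 0, 0, 'a', 'b', 'c', 'd'};
    uint8_t out[16];

    printf("unchecked length for malformed record: %u\n",
           (unsigned)payload_len_unchecked(bad));
    printf("checked, malformed: %ld\n",
           copy_payload_checked(bad, sizeof bad, out, sizeof out));
    printf("checked, valid:     %ld\n",
           copy_payload_checked(good, sizeof good, out, sizeof out));
    return 0;
}
```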