PT-2018-17281 · Igor Pavlov+2 · 7-Zip+3

Zeeman206

·

Publicado

2017-12-29

·

Atualizado

2025-01-10

·

CVE-2018-5996

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: 7-Zip versions prior to 18.00 p7zip versions prior to 18.00
Description: The issue is related to insufficient exception handling in the method NCompress::NRar3::CDecoder::Code, which can lead to multiple memory corruptions within the PPMd code. This allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Recommendations: For 7-Zip versions prior to 18.00, update to version 18.00 or later to resolve the issue. For p7zip versions prior to 18.00, update to version 18.00 or later to resolve the issue.

Exploit

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2018-2591
AZL-35093
AZL-6784
BDU:2025-04908
CVE-2018-5996
OESA-2021-1294
OPENSUSE-SU-2018_0497-1
SUSE-SU-2018:0464-1

Produtos afetados

7-Zip
Alt Linux
Suse
P7Zip