PT-2018-9690 · 7 Zip · 7-Zip

Published: 2018-05-02 · Updated: 2021-07-31 · CVE-2018-10115

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: 7-Zip versions 18.03 and earlier
Description: The issue is related to the incorrect initialization logic of RAR decoder objects, which can lead to the usage of uninitialized memory. This can allow remote attackers to cause a denial of service, resulting in a segmentation fault, or potentially execute arbitrary code via a crafted RAR archive.
Recommendations: For 7-Zip versions 18.03 and earlier, update to a version later than 18.03 to resolve the issue.

Exploit · Fix · DoS · Use of Uninitialized Resource · Improper Initialization

Weakness Enumeration

Related Identifiers

ALT-PU-2018-2591
CVE-2018-10115
OESA-2021-1294

Affected Products

7-Zip
Alt Linux