PT-2024-4473 · Igor Pavlov+7 · 7-Zip+7
Maxim Suhanov · Published 2024-07-03 · Updated 2025-07-23 · CVE-2023-52168
CVSS v3.1: 8.4 High
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
7-Zip versions prior to 24.01
Description
The issue is a heap-based buffer overflow in the NTFS handler (NtfsHandler.cpp). The overflow allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer: buffer+512*i-2 for i=9, i=10, i=11, and so on. Exploitation of this issue may enable a remote attacker to execute arbitrary code.
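The offsets in the description (two bytes at the end of every 512-byte unit) match the layout of NTFS update sequence fixups. As an added example, not 7-Zip's code and not part of the advisory, this C routine applies fixups with the sector count bounded by the allocated record. That the overflow arises in fixup handling, the 4096-byte record size, the function names and the sample bytes are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define SECTOR 512u

uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Apply update-sequence fixups to the record in rec[0..rec_size).
 * Returns 0 on success, -1 if the header would drive an access outside rec. */
int apply_fixups_checked(uint8_t *rec, size_t rec_size)
{
    if (rec_size < SECTOR || rec_size % SECTOR != 0) return -1;
    size_t usa_off = rd16(rec + 4);  /* offset of the update sequence array */
    size_t usa_cnt = rd16(rec + 6);  /* sequence number + one entry per sector */
    if (usa_cnt < 2) return -1;
    size_t sectors = usa_cnt - 1;
    /* The count comes from the image: bound it by the allocated record. */
    if (sectors > rec_size / SECTOR) return -1;
    /* The array must lie inside the first sector, clear of its 2-byte tail. */
    if (usa_off < 8 || usa_off + usa_cnt * 2 > SECTOR - 2) return -1;
    const uint8_t *usa = rec + usa_off;
    for (size_t i = 1; i <= sectors; i++)      /* verify all tails first */
        if (memcmp(rec + SECTOR * i - 2, usa, 2) != 0)
            return -1;
    for (size_t i = 1; i <= sectors; i++)      /* write at rec + 512*i - 2 */
        memcpy(rec + SECTOR * i - 2, usa + 2 * i, 2);
    return 0;
}

/* Constructed input: 8-sector record plus guard bytes; -2 = guard changed. */
int demo(unsigned claimed_sectors)
{
    uint8_t buf[4096 + 2048];
    memset(buf, 0, 4096);
    memset(buf + 4096, 0xAA, 2048);              /* stands in for adjacent heap */
    buf[4] = 0x30;                               /* array offset */
    buf[6] = (uint8_t)(claimed_sectors + 1);     /* count field from the image */
    buf[0x30] = 0x01;                            /* sequence number 0x0001 */
    for (unsigned i = 1; i <= 8; i++) {
        buf[SECTOR * i - 2] = 0x01;              /* tail holds the sequence number */
        buf[0x30 + 2 * i] = (uint8_t)(0xC0 + i); /* saved original tail byte */
    }
    int rc = apply_fixups_checked(buf, 4096);
    for (size_t k = 4096; k < sizeof buf; k++)
        if (buf[k] != 0xAA) return -2;
    return (rc == 0 && buf[4094] != 0xC8) ? -3 : rc;  /* -3: fixup not applied */
}

int main(void) { return (demo(8) == 0 && demo(11) == -1) ? 0 : 1; }
```

`demo(9)` corresponds to the first index in the description: with eight sectors allocated, a ninth fixup would land at buffer+512*9-2, so the count is rejected before any write.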
Recommendations
Update 7-Zip versions prior to 24.01 to version 24.01 or later to resolve the issue. As a temporary workaround, consider restricting the use of the NTFS handler in 7-Zip until a patch is applied.
Fix
Heap Based Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
7-Zip
Alt Linux
Astra Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu