CVE-2017-17969 - Out-of-bounds Write vulnerability in multiple products
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.
Nessus
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DLA-1268.NASL
- description: The p7zip package has a heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip which allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive. For Debian 7
- last seen: 2020-03-17
- modified: 2018-02-05
- plugin id: 106591
- published: 2018-02-05
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/106591
- title: Debian DLA-1268-1 : p7zip security update

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-3913-1.NASL
- description: It was discovered that p7zip did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted archive with p7zip, then p7zip could be made to crash, possibly leading to arbitrary code execution. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 123074
- published: 2019-03-25
- reporter: Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/123074
- title: Ubuntu 16.04 LTS : p7zip vulnerabilities (USN-3913-1)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2018-29232AA760.NASL
- description: Improved security patch Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2018-02-15
- plugin id: 106821
- published: 2018-02-15
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/106821
- title: Fedora 27 : p7zip (2018-29232aa760)

- NASL family: Windows
- NASL id: 7ZIP_18_00.NASL
- description: The version of 7-Zip installed on the remote Windows host is prior to 18.0. It is, therefore, affected by multiple vulnerabilities.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 109800
- published: 2018-05-14
- reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/109800
- title: 7-Zip < 18.00 Multiple Vulnerabilities

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2018-188.NASL
- description: This update for p7zip fixes the following security issues :
  - CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files (bsc#984650)
  - CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder (bsc#1077725)
  - CVE-2018-5996: Fixed memory corruption in RAR decompression. The complete RAR decoder was removed as it also has license issues (bsc#1077724 bsc#1077978)
  This update was imported from the SUSE:SLE-12:Update update project.
- last seen: 2020-06-05
- modified: 2018-02-21
- plugin id: 106920
- published: 2018-02-21
- reporter: This script is Copyright (C) 2018-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/106920
- title: openSUSE Security Update : p7zip (openSUSE-2018-188)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2018-7EDC48BE11.NASL
- description: Improve security patch Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2018-02-20
- plugin id: 106878
- published: 2018-02-20
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/106878
- title: Fedora 26 : p7zip (2018-7edc48be11)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2018-CD4311D4D6.NASL
- description: Security fix for CVE-2017-17969 (from Debian) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2018-02-07
- plugin id: 106645
- published: 2018-02-07
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/106645
- title: Fedora 26 : p7zip (2018-cd4311d4d6)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2018-F8AD787538.NASL
- description: Security fix for CVE-2017-17969 (from Debian) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2018-02-07
- plugin id: 106648
- published: 2018-02-07
- reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/106648
- title: Fedora 27 : p7zip (2018-f8ad787538)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-4104.NASL
- description: 'landave
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 106593
- published: 2018-02-05
- reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/106593
- title: Debian DSA-4104-1 : p7zip - security update

- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_6D3373960E4A11E894C05453ED2E2B49.NASL
- description: MITRE reports : Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 106735
- published: 2018-02-12
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/106735
- title: FreeBSD : p7zip -- heap-based buffer overflow (6d337396-0e4a-11e8-94c0-5453ed2e2b49)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2018-0464-1.NASL
- description: This update for p7zip fixes the following issues: Security issues fixed :
  - CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files (bsc#984650)
  - CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder (bsc#1077725)
  - CVE-2018-5996: Fixed memory corruption in RAR decompression. The complete RAR decoder was removed as it also has license issues (bsc#1077724 bsc#1077978)
  Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 106897
- published: 2018-02-20
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/106897
- title: SUSE SLED12 / SLES12 Security Update : p7zip (SUSE-SU-2018:0464-1)
References
- http://www.securitytracker.com/id/1040831
- https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html
- https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
- https://lists.debian.org/debian-lts-announce/2018/02/msg00003.html
- https://usn.ubuntu.com/3913-1/
- https://www.debian.org/security/2018/dsa-4104