{"id":31608,"date":"2023-09-03T11:20:21","date_gmt":"2023-09-03T09:20:21","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=31608"},"modified":"2023-09-03T11:33:53","modified_gmt":"2023-09-03T09:33:53","slug":"vulnerabilities-cve-2023-40481-cve-2023-31102-in-7-zip-fixed-in-version-23-00-august-2023","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2023\/09\/03\/vulnerabilities-cve-2023-40481-cve-2023-31102-in-7-zip-fixed-in-version-23-00-august-2023\/","title":{"rendered":"Vulnerabilities (CVE-2023-40481, CVE-2023-31102) in 7-ZIP; fixed in version 23.00 (August 2023)"},"content":{"rendered":"

\"Sicherheit[German<\/a>]A short update from the end of August 2023. Security researchers have found two vulnerabilities in the 7-Zip program, which is used to pack and unpack ZIP archive files. The vulnerabilities CVE-2023-40481 and CVE-2023-31102 are classified as high-risk from a security perspective. Attackers could possibly elevate privileges.<\/p>\n

<\/p>\n

\"\"I had reported about a vulnerability in WinRAR in the blog post WinRAR Code Execution Vulnerability CVE-2023-40477<\/a> at the end of August. German blog reader Ralf had pointed out later, that vulnerabilities in the packing program 7-ZIP has became publicin the discussion area – and Stefan Kanthak also sent me a mail with hints (thanks for that). Two serious vulnerabilities were published by the Zero-Day-Initiative.<\/p>\n

CVE-2023-31102<\/h2>\n

CVE-2023-31102<\/a> is a 7Z File Parsing Integer Underflow Remote Code Execution vulnerability in 7-Zip that has been assigned a CVE score of 7.8 (i.e., risk is high). The Zero Day Initiative writes that this vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability because the target must visit a malicious page or open a malicious file.<\/p>\n

The specific vulnerability exists is in the analysis of 7Z files. The problem results from the lack of proper validation of user-supplied data, which can lead to an integer underflow before writing to memory. An attacker can exploit this vulnerability to execute code in the context of the current process.<\/p>\n

CVE-2023-40481<\/h2>\n

CVE-2023-40481<\/a> is a SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution vulnerability in 7-Zip that has been assigned a CVE score of 7.8 (i.e., high risk). The vulnerability allows Romte attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is also required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file.<\/p>\n

The specific vulnerability arises during the analysis of SQFS files due to the lack of proper validation of user-supplied data. This can cause a write operation to exceed the end of an allocated buffer. An attacker can exploit this vulnerability to execute code in the context of the current process.<\/p>\n

Patch available<\/h2>\n

Both vulnerabilities were reported to the 7-ZIP developers on November 21, 2022 and were closed (according to Zero Day Initiative from August 23, 2023) with an update of the software<\/a> to version 23.00 (at that time still beta). Thus, anyone using the program should update to the newest version. Currently version 23.01 is offered for download<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

[German]A short update from the end of August 2023. Security researchers have found two vulnerabilities in the 7-Zip program, which is used to pack and unpack ZIP archive files. The vulnerabilities CVE-2023-40481 and CVE-2023-31102 are classified as high-risk from a … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22],"tags":[69,1544,195],"class_list":["post-31608","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","tag-security","tag-software","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/31608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=31608"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/31608\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=31608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=31608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=31608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}