CVE-2018-5996 (GCVE-0-2018-5996)
Vulnerability from cvelistv5 – Published: 2018-01-31 18:00 – Updated: 2025-01-10 18:55
Summary
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Severity ?
No CVSS data available.
CWE
- n/a
Date Public ?
2018-01-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:56.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/"
},
{
"name": "1040831",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040831"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-10T18:55:21.411Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/"
},
{
"name": "1040831",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1040831"
},
{
"url": "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html"
},
{
"url": "https://github.com/p7zip-project/p7zip/issues/8"
},
{
"url": "https://github.com/p7zip-project/p7zip/issues/32"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/",
"refsource": "MISC",
"url": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/"
},
{
"name": "1040831",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040831"
},
{
"name": "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5996",
"datePublished": "2018-01-31T18:00:00.000Z",
"dateReserved": "2018-01-22T00:00:00.000Z",
"dateUpdated": "2025-01-10T18:55:21.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-5996",
"date": "2026-04-18",
"epss": "0.04477",
"percentile": "0.89114"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-5996\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-01-31T18:29:00.363\",\"lastModified\":\"2025-01-10T19:15:28.730\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.\"},{\"lang\":\"es\",\"value\":\"Una gesti\u00f3n insuficiente de excepciones en el m\u00e9todo NCompress::NRar3::CDecoder::Code en 7-Zip, en versiones anteriores a la 18.00, y en p7zip puede conducir a m\u00faltiples corrupciones de memoria en el c\u00f3digo PPMd, permitir que atacantes remotos provoquen una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o ejecutar c\u00f3digo arbitrario mediante un archivo RAR manipulado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\
":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.00\",\"matchCriteriaId\":\"29DB1D61-48E4-4483-8CEE-2A65324FF0AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:7-zip:p7zip:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.0\",\"matchCriteriaId\":\"0B541E55-DEFD-4595-BE62-003F52D39F32\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1040831\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/p7zip-project/p7zip/issues/32\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/p7zip-project/p7zip/issues/8\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party 
Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1040831\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]}]}}"
}
}
GSD-2018-5996
Vulnerability from gsd - Updated: 2023-12-13 01:22
Details
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Aliases
{
"GSD": {
"alias": "CVE-2018-5996",
"description": "Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.",
"id": "GSD-2018-5996",
"references": [
"https://www.suse.com/security/cve/CVE-2018-5996.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-5996"
],
"details": "Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.",
"id": "GSD-2018-5996",
"modified": "2023-12-13T01:22:39.755984Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/",
"refsource": "MISC",
"url": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/"
},
{
"name": "1040831",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040831"
},
{
"name": "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "18.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:7-zip:p7zip:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "18.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5996"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/",
"refsource": "MISC",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/"
},
{
"name": "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html",
"refsource": "MISC",
"tags": [],
"url": "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html"
},
{
"name": "1040831",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1040831"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2018-01-31T18:29Z"
}
}
}
MSRC_CVE-2018-5996
Vulnerability from csaf_microsoft - Published: 2018-01-02 00:00 - Updated: 2024-06-30 07:00
Summary
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
7.8 (High)
Vendor Fix
16.02-23:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
https://learn.microsoft.com/en-us/azure/azure-lin…
Vendor Fix
16.02-22:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
https://learn.microsoft.com/en-us/azure/azure-lin…
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2018-5996 Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2018/msrc_cve-2018-5996.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.",
"tracking": {
"current_release_date": "2024-06-30T07:00:00.000Z",
"generator": {
"date": "2025-12-30T00:10:39.713Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2018-5996",
"initial_release_date": "2018-01-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-12-16T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-06-30T07:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "16817"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 p7zip 16.02-23",
"product": {
"name": "\u003cazl3 p7zip 16.02-23",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 p7zip 16.02-23",
"product": {
"name": "azl3 p7zip 16.02-23",
"product_id": "16884"
}
},
{
"category": "product_version_range",
"name": "\u003ccm1 p7zip 16.02-22",
"product": {
"name": "\u003ccm1 p7zip 16.02-22",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "cm1 p7zip 16.02-22",
"product": {
"name": "cm1 p7zip 16.02-22",
"product_id": "16882"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 p7zip 16.02-22",
"product": {
"name": "\u003ccbl2 p7zip 16.02-22",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 p7zip 16.02-22",
"product": {
"name": "cbl2 p7zip 16.02-22",
"product_id": "16883"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 p7zip 16.02-23",
"product": {
"name": "\u003cazl3 p7zip 16.02-23",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 p7zip 16.02-23",
"product": {
"name": "azl3 p7zip 16.02-23",
"product_id": "16884"
}
}
],
"category": "product_name",
"name": "p7zip"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 p7zip 16.02-23 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 p7zip 16.02-23 as a component of Azure Linux 3.0",
"product_id": "16884-17084"
},
"product_reference": "16884",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 p7zip 16.02-22 as a component of CBL Mariner 1.0",
"product_id": "16820-4"
},
"product_reference": "4",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 p7zip 16.02-22 as a component of CBL Mariner 1.0",
"product_id": "16882-16820"
},
"product_reference": "16882",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 p7zip 16.02-22 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 p7zip 16.02-22 as a component of CBL Mariner 2.0",
"product_id": "16883-17086"
},
"product_reference": "16883",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 p7zip 16.02-23 as a component of Azure Linux 3.0",
"product_id": "16817-2"
},
"product_reference": "2",
"relates_to_product_reference": "16817"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 p7zip 16.02-23 as a component of Azure Linux 3.0",
"product_id": "16884-16817"
},
"product_reference": "16884",
"relates_to_product_reference": "16817"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-5996",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"16884-17084",
"16882-16820",
"16883-17086",
"16884-16817"
],
"known_affected": [
"17084-1",
"16820-4",
"17086-3",
"16817-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2018-5996 Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2018/msrc_cve-2018-5996.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-12-16T00:00:00.000Z",
"details": "16.02-23:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1",
"16817-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2021-12-16T00:00:00.000Z",
"details": "16.02-22:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-4",
"17086-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"17084-1",
"16820-4",
"17086-3",
"16817-2"
]
}
],
"title": "Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive."
}
]
}
CNVD-2018-04718
Vulnerability from cnvd - Published: 2018-03-09
Title
7-Zip and p7zip memory corruption vulnerability
Description
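7-Zip is a free, open-source compression/decompression program. p7zip is its Linux-based version.
The NCompress::NRar3::CDecoder::Code method in 7-Zip before 18.00 and in p7zip has a security vulnerability caused by the program failing to handle exceptions correctly. A remote attacker can use a specially crafted RAR archive to exploit this vulnerability to cause a denial of service (memory corruption and segmentation fault) or execute arbitrary code.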
Severity
Medium
Patch Name
Patch for the 7-Zip and p7zip memory corruption vulnerability
Patch Description
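7-Zip is a free, open-source compression/decompression program. p7zip is its Linux-based version.
The NCompress::NRar3::CDecoder::Code method in 7-Zip before 18.00 and in p7zip has a security vulnerability caused by the program failing to handle exceptions correctly. A remote attacker can use a specially crafted RAR archive to exploit this vulnerability to cause a denial of service (memory corruption and segmentation fault) or execute arbitrary code. The vendor has now released a security advisory and related patch information that fix this vulnerability.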
Formal description
The vendor has released an upgrade patch to fix the vulnerability; for details, see the vendor's home page: http://www.7-zip.org/
Reference
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
Impacted products
| Name |
|---|
| 7-Zip 7-Zip <18.00 |
| 7-Zip p7zip <18.0 |
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-5996"
}
},
"description": "7-Zip\u4e00\u5957\u514d\u8d39\u7684\u3001\u5f00\u6e90\u7684\u538b\u7f29/\u89e3\u538b\u7f29\u8f6f\u4ef6\u3002p7zip\u662f\u5b83\u7684\u57fa\u4e8eLinux\u5e73\u53f0\u7684\u7248\u672c\u3002\r\n\r\n7-Zip 18.00\u4e4b\u524d\u7248\u672c\u548cp7zip\u4e2d\u7684NCompress::NRar3::CDecoder::Code\u65b9\u6cd5\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u5f02\u5e38\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684RAR\u5f52\u6863\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u7834\u574f\u548c\u6bb5\u9519\u8bef\uff09\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
"discovererName": "unknwon",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.7-zip.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-04718",
"openTime": "2018-03-09",
"patchDescription": "7-Zip\u4e00\u5957\u514d\u8d39\u7684\u3001\u5f00\u6e90\u7684\u538b\u7f29/\u89e3\u538b\u7f29\u8f6f\u4ef6\u3002p7zip\u662f\u5b83\u7684\u57fa\u4e8eLinux\u5e73\u53f0\u7684\u7248\u672c\u3002\r\n\r\n7-Zip 18.00\u4e4b\u524d\u7248\u672c\u548cp7zip\u4e2d\u7684NCompress::NRar3::CDecoder::Code\u65b9\u6cd5\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u5f02\u5e38\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684RAR\u5f52\u6863\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5185\u5b58\u7834\u574f\u548c\u6bb5\u9519\u8bef\uff09\u6216\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "7-Zip\u548cp7zip\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"7-Zip 7-Zip \u003c18.00",
"7-Zip p7zip \u003c18.0"
]
},
"referenceLink": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/",
"serverity": "\u4e2d",
"submitTime": "2018-02-02",
"title": "7-Zip\u548cp7zip\u5185\u5b58\u7834\u574f\u6f0f\u6d1e"
}
FKIE_CVE-2018-5996
Vulnerability from fkie_nvd - Published: 2018-01-31 18:29 - Updated: 2025-01-10 19:15
Summary
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| 7-zip | 7-zip | * |
| 7-zip | p7zip | * |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29DB1D61-48E4-4483-8CEE-2A65324FF0AB",
"versionEndExcluding": "18.00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:7-zip:p7zip:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B541E55-DEFD-4595-BE62-003F52D39F32",
"versionEndExcluding": "18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive."
},
{
"lang": "es",
"value": "Una gesti\u00f3n insuficiente de excepciones en el m\u00e9todo NCompress::NRar3::CDecoder::Code en 7-Zip, en versiones anteriores a la 18.00, y en p7zip puede conducir a m\u00faltiples corrupciones de memoria en el c\u00f3digo PPMd, permitir que atacantes remotos provoquen una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n) o ejecutar c\u00f3digo arbitrario mediante un archivo RAR manipulado."
}
],
"id": "CVE-2018-5996",
"lastModified": "2025-01-10T19:15:28.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-31T18:29:00.363",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1040831"
},
{
"source": "cve@mitre.org",
"url": "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/p7zip-project/p7zip/issues/32"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/p7zip-project/p7zip/issues/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1040831"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
BDU:2025-04908
Vulnerability from fstec - Published: 29.12.2017
VLAI Severity ?
Title
Vulnerability in the NCompress::NRar3::CDecoder::Code method of the p7zip and 7-Zip archivers that allows an attacker to cause a denial of service or execute arbitrary code
Description
The vulnerability in the NCompress::NRar3::CDecoder::Code method of the p7zip and 7-Zip archivers is caused by an operation exceeding the bounds of a memory buffer. Exploitation of the vulnerability may allow an attacker to cause a denial of service or execute arbitrary code via a crafted RAR archive
Severity ?
Vendor
Canonical Ltd., Free software community, Igor Pavlov, Open Mobile Platform LLC
Software Name
Ubuntu, Debian GNU/Linux, 7-Zip, p7zip, Aurora OS (entry No. 1543 in the unified register of Russian software)
Software Version
16.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), before 18.0 (7-Zip), before 18.0 (p7zip), up to and including 5.1.4 (Aurora OS)
Possible Mitigations
If no security updates are available from the vendor, it is recommended to follow the "Recommendations for the secure configuration of LINUX operating systems" set out in the FSTEC of Russia methodological document approved on 25 December 2022.
Using the recommendations:
For p7zip and 7-Zip:
https://blog.0patch.com/2018/02/two-interesting-micropatches-for-7-zip.html
For Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2018-5996
For Ubuntu:
https://ubuntu.com/security/CVE-2018-5996
For Aurora OS: https://cve.omp.ru/bb27514
Reference
https://security-tracker.debian.org/tracker/CVE-2018-5996
https://vulners.com/cve/CVE-2018-5996
https://ubuntu.com/security/CVE-2018-5996
https://blog.0patch.com/2018/02/two-interesting-micropatches-for-7-zip.html
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
https://cve.omp.ru/bb27514
CWE
CWE-119
{
"CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041f\u0430\u0432\u043b\u043e\u0432 \u0418\u0433\u043e\u0440\u044c, \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), \u0434\u043e 18.0 (7-Zip), \u0434\u043e 18.0 (p7zip), \u0434\u043e 5.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f p7zip \u0438 7-Zip:\nhttps://blog.0patch.com/2018/02/two-interesting-micropatches-for-7-zip.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2018-5996\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2018-5996\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430: https://cve.omp.ru/bb27514",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "29.12.2017",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.09.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.04.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-04908",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-5996",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Debian GNU/Linux, 7-Zip, p7zip, \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 \u0434\u043e 5.1.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0442\u043e\u0434\u0430 NCompress::NRar3::CDecoder::Code \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u043e\u0432 p7zip \u0438 7-Zip, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0435\u0442\u043e\u0434\u0430 NCompress::NRar3::CDecoder::Code \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u043e\u0432 p7zip \u0438 7-Zip \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0447\u0435\u0440\u0435\u0437 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0430\u0440\u0445\u0438\u0432 RAR",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://security-tracker.debian.org/tracker/CVE-2018-5996\nhttps://vulners.com/cve/CVE-2018-5996\nhttps://ubuntu.com/security/CVE-2018-5996\nhttps://blog.0patch.com/2018/02/two-interesting-micropatches-for-7-zip.html\nhttps://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/\nhttps://cve.omp.ru/bb27514",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}
SUSE-SU-2018:0464-1
Vulnerability from csaf_suse - Published: 2018-02-16 12:45 - Updated: 2018-02-16 12:45
Summary
Security update for p7zip
Severity
Important
Notes
Title of the patch: Security update for p7zip
Description of the patch:
This update for p7zip fixes the following issues:
Security issues fixed:
- CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files (bsc#984650)
- CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder (bsc#1077725)
- CVE-2018-5996: Fixed memory corruption in RAR decompression. The complete RAR decoder was removed as it also has license issues (bsc#1077724 bsc#1077978)
Patchnames: SUSE-SLE-DESKTOP-12-SP2-2018-319,SUSE-SLE-DESKTOP-12-SP3-2018-319,SUSE-SLE-RPI-12-SP2-2018-319,SUSE-SLE-SERVER-12-SP2-2018-319,SUSE-SLE-SERVER-12-SP3-2018-319
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.1 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for p7zip",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n \nThis update for p7zip fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2016-1372: Fixed multiple vulnerabilities when processing crafted 7z files (bsc#984650)\n- CVE-2017-17969: Fixed a heap-based buffer overflow in a shrink decoder (bsc#1077725)\n- CVE-2018-5996: Fixed memory corruption in RAR decompression. The complete RAR decoder was removed as it also has license issues (bsc#1077724 bsc#1077978)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP2-2018-319,SUSE-SLE-DESKTOP-12-SP3-2018-319,SUSE-SLE-RPI-12-SP2-2018-319,SUSE-SLE-SERVER-12-SP2-2018-319,SUSE-SLE-SERVER-12-SP3-2018-319",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0464-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0464-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180464-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0464-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-February/003737.html"
},
{
"category": "self",
"summary": "SUSE Bug 1077724",
"url": "https://bugzilla.suse.com/1077724"
},
{
"category": "self",
"summary": "SUSE Bug 1077725",
"url": "https://bugzilla.suse.com/1077725"
},
{
"category": "self",
"summary": "SUSE Bug 1077978",
"url": "https://bugzilla.suse.com/1077978"
},
{
"category": "self",
"summary": "SUSE Bug 984650",
"url": "https://bugzilla.suse.com/984650"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1372 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1372/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17969 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5996 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5996/"
}
],
"title": "Security update for p7zip",
"tracking": {
"current_release_date": "2018-02-16T12:45:57Z",
"generator": {
"date": "2018-02-16T12:45:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0464-1",
"initial_release_date": "2018-02-16T12:45:57Z",
"revision_history": [
{
"date": "2018-02-16T12:45:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "p7zip-9.20.1-7.3.1.aarch64",
"product": {
"name": "p7zip-9.20.1-7.3.1.aarch64",
"product_id": "p7zip-9.20.1-7.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "p7zip-9.20.1-7.3.1.ppc64le",
"product": {
"name": "p7zip-9.20.1-7.3.1.ppc64le",
"product_id": "p7zip-9.20.1-7.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "p7zip-9.20.1-7.3.1.s390x",
"product": {
"name": "p7zip-9.20.1-7.3.1.s390x",
"product_id": "p7zip-9.20.1-7.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "p7zip-9.20.1-7.3.1.x86_64",
"product": {
"name": "p7zip-9.20.1-7.3.1.x86_64",
"product_id": "p7zip-9.20.1-7.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP2",
"product_id": "SUSE Linux Enterprise Desktop 12 SP2:p7zip-9.20.1-7.3.1.x86_64"
},
"product_reference": "p7zip-9.20.1-7.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:p7zip-9.20.1-7.3.1.x86_64"
},
"product_reference": "p7zip-9.20.1-7.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.aarch64 as component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2",
"product_id": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:p7zip-9.20.1-7.3.1.aarch64"
},
"product_reference": "p7zip-9.20.1-7.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for Raspberry Pi 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.aarch64"
},
"product_reference": "p7zip-9.20.1-7.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.ppc64le"
},
"product_reference": "p7zip-9.20.1-7.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.s390x"
},
"product_reference": "p7zip-9.20.1-7.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2",
"product_id": "SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.x86_64"
},
"product_reference": "p7zip-9.20.1-7.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.aarch64"
},
"product_reference": "p7zip-9.20.1-7.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.ppc64le"
},
"product_reference": "p7zip-9.20.1-7.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.s390x"
},
"product_reference": "p7zip-9.20.1-7.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.x86_64"
},
"product_reference": "p7zip-9.20.1-7.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.aarch64"
},
"product_reference": "p7zip-9.20.1-7.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.ppc64le"
},
"product_reference": "p7zip-9.20.1-7.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.s390x"
},
"product_reference": "p7zip-9.20.1-7.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.x86_64"
},
"product_reference": "p7zip-9.20.1-7.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.aarch64"
},
"product_reference": "p7zip-9.20.1-7.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.ppc64le"
},
"product_reference": "p7zip-9.20.1-7.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.s390x"
},
"product_reference": "p7zip-9.20.1-7.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "p7zip-9.20.1-7.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.x86_64"
},
"product_reference": "p7zip-9.20.1-7.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1372",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1372"
}
],
"notes": [
{
"category": "general",
"text": "ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1372",
"url": "https://www.suse.com/security/cve/CVE-2016-1372"
},
{
"category": "external",
"summary": "SUSE Bug 984650 for CVE-2016-1372",
"url": "https://bugzilla.suse.com/984650"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-02-16T12:45:57Z",
"details": "moderate"
}
],
"title": "CVE-2016-1372"
},
{
"cve": "CVE-2017-17969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17969"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17969",
"url": "https://www.suse.com/security/cve/CVE-2017-17969"
},
{
"category": "external",
"summary": "SUSE Bug 1077725 for CVE-2017-17969",
"url": "https://bugzilla.suse.com/1077725"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-02-16T12:45:57Z",
"details": "important"
}
],
"title": "CVE-2017-17969"
},
{
"cve": "CVE-2018-5996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5996"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5996",
"url": "https://www.suse.com/security/cve/CVE-2018-5996"
},
{
"category": "external",
"summary": "SUSE Bug 1077724 for CVE-2018-5996",
"url": "https://bugzilla.suse.com/1077724"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:p7zip-9.20.1-7.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:p7zip-9.20.1-7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-02-16T12:45:57Z",
"details": "critical"
}
],
"title": "CVE-2018-5996"
}
]
}
GHSA-2JR3-P4JR-G977
Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2025-01-10 21:31
Details
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Severity
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2018-5996"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-31T18:29:00Z",
"severity": "HIGH"
},
"details": "Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.",
"id": "GHSA-2jr3-p4jr-g977",
"modified": "2025-01-10T21:31:20Z",
"published": "2022-05-13T01:52:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5996"
},
{
"type": "WEB",
"url": "https://github.com/p7zip-project/p7zip/issues/32"
},
{
"type": "WEB",
"url": "https://github.com/p7zip-project/p7zip/issues/8"
},
{
"type": "WEB",
"url": "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html"
},
{
"type": "WEB",
"url": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040831"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.