7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.081 Low
EPSS
Percentile
94.2%
Severity: Critical
Date : 2018-06-09
CVE-ID : CVE-2018-10115
Package : p7zip
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-714
The package p7zip before version 16.02-5 is vulnerable to arbitrary
code execution.
Upgrade to 16.02-5.
The problem has been fixed upstream in version 18.05.
None.
An uninitialized memory security issue has been found in the RAR
decoder component of 7-Zip before 18.05, resulting in arbitrary code
execution.
A remote attacker can execute arbitrary code via a crafted RAR file.
https://bugs.archlinux.org/task/58907
https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
https://landave.io/files/patch_7zip_CVE-2018-10115.txt
https://security.archlinux.org/CVE-2018-10115
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.081 Low
EPSS
Percentile
94.2%