CVE-2023-31102

2023-11-0304:15:20

CWE-191

[email protected]

web.nvd.nist.gov

7-zip

integer underflow

ppmd7.c

7z archive

invalid read operation

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

17.7%

JSON

Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.

Affected configurations

Nvd

Node

linuxlinux_kernelMatch-

AND

7-zip7-zipRange<22.01

Node

netappactive_iq_unified_managerMatch-windows

netapponcommand_workflow_automationMatch-

VendorProductVersionCPE
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
7-zip7-zip*cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
netapponcommand_workflow_automation-cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
7-zip	7-zip	*	cpe:2.3:a:7-zip:7-zip::::::::
netapp	active_iq_unified_manager	-	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
netapp	oncommand_workflow_automation	-	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*