Bug 1216265

Summary: VUL-0: CVE-2022-47069: p7zip: Heap buffer overflow in NArchive:NZip:CInArchive:FindCd
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Danilo Spinella <danilo.spinella>
Status: RESOLVED DUPLICATE
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: gabriele.sonnu
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/376053/
Whiteboard: CVSSv3.1:SUSE:CVE-2022-47069:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) CVSSv3.1:SUSE:CVE-2023-1576:3.3:(AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2023-10-16 08:57:56 UTC
p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp.

References:
https://sourceforge.net/p/p7zip/bugs/241/
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47069

Comment 1 Danilo Spinella 2023-10-23 15:58:00 UTC
Same upstream bug as bsc#1209648.

Comment 2 Gabriele Sonnu 2023-12-19 10:16:34 UTC
Closing this as a duplicate of bsc#1209648.

*** This bug has been marked as a duplicate of bug 1209648 ***