Bug 1227358 (CVE-2023-52168)

Summary: VUL-0: CVE-2023-52168: 7zip,p7zip: heap-based buffer overflow in the NTFS handler allows two bytes to be overwritten at multiple offsets
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Antonio Teixeira <antonio.teixeira>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: camila.matos
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/412809/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-52168:8.2:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2024-07-03 19:12:11 UTC
Reference:
https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/

Details:
The vulnerability affects the "full" implementation (i.e., 7zz and its library), which includes the NTFS parser. Implementations not using the NTFS parser (e.g., 7za and 7zr) aren't affected. The vulnerability was silently fixed in 24.01 (beta). No advisory (or a related change log entry) was issued.

CVE-2023-52168:

The NtfsHandler.cpp NTFS handler in 7-Zip through 23.01 contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.

This vulnerability would be very hard to exploit to gain code execution.

Timeline:

* 2023-08-18: the vulnerability was reported to Igor Pavlov.
* 2024-01-31: a fixed version (24.01 beta) is available.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52168
https://seclists.org/oss-sec/2024/q3/24

Comment 5 Maintenance Automation 2024-07-15 20:36:13 UTC
SUSE-SU-2024:2475-1: An update that solves two vulnerabilities can now be installed.

Category: security (important)
Bug References: 1227358, 1227359
CVE References: CVE-2023-52168, CVE-2023-52169
Maintenance Incident: [SUSE:Maintenance:34729](https://smelt.suse.de/incident/34729/)
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 p7zip-9.20.1-7.6.1
SUSE Linux Enterprise Server 12 SP5 (src):
 p7zip-9.20.1-7.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 p7zip-9.20.1-7.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.