Bugzilla – Bug 1227358
VUL-0: CVE-2023-52168: 7zip,p7zip: heap-based buffer overflow in the NTFS handler allows two bytes to be overwritten at multiple offsets
Last modified: 2024-07-15 20:36:13 UTC
Reference: https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/ Details: The vulnerability affects the "full" implementation (i.e., 7zz and its library), which includes the NTFS parser. Implementations not using the NTFS parser (e.g., 7za and 7zr) aren't affected. The vulnerability was silently fixed in 24.01 (beta). No advisory (or a related change log entry) was issued. CVE-2023-52168: The NtfsHandler.cpp NTFS handler in 7-Zip through 23.01 contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc. This vulnerability would be very hard to exploit to gain code execution. Timeline: * 2023-08-18: the vulnerability was reported to Igor Pavlov. * 2024-01-31: a fixed version (24.01 beta) is available. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-52168 https://seclists.org/oss-sec/2024/q3/24
SUSE-SU-2024:2475-1: An update that solves two vulnerabilities can now be installed. Category: security (important) Bug References: 1227358, 1227359 CVE References: CVE-2023-52168, CVE-2023-52169 Maintenance Incident: [SUSE:Maintenance:34729](https://smelt.suse.de/incident/34729/) Sources used: SUSE Linux Enterprise High Performance Computing 12 SP5 (src): p7zip-9.20.1-7.6.1 SUSE Linux Enterprise Server 12 SP5 (src): p7zip-9.20.1-7.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): p7zip-9.20.1-7.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.