ALT-PU-2023-8779-1

Package update 7-zip in branch sisyphus

Version: 23.01-alt1
Published: 2023-09-28
Max severity: HIGH

Closed issues (6)

BDU:2023-04886
HIGH 8.8

Vulnerability in the SQFS file parser of the 7-Zip archiver that allows an attacker to execute arbitrary code

Published: 2023-08-24
CVSS 3.x: HIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0: CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
BDU:2025-05149
LOW 2.5

Vulnerability in the 7-Zip archiver related to errors in the certificate validation procedure, allowing an attacker to affect the integrity of protected information

Published: 2025-05-02
CVSS 3.x: LOW 2.5
CVSS:3.x/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.0: LOW 1.2
CVSS:2.0/AV:L/AC:H/Au:N/C:N/I:P/A:N
BDU:2025-05150
LOW 2.5

Vulnerability in the 7-Zip archiver related to errors in the certificate validation procedure, allowing an attacker to affect the integrity of protected information

Published: 2025-05-02
CVSS 3.x: LOW 2.5
CVSS:3.x/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS 2.0: LOW 1.2
CVSS:2.0/AV:L/AC:H/Au:N/C:N/I:P/A:N
CVE-2022-47111
LOW 3.3

7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected.

Published: 2025-04-19
Modified: 2025-08-18
CVSS 3.x: LOW 3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2022-47112
LOW 3.3

7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected.

Published: 2025-04-19
Modified: 2025-08-18
CVSS 3.x: LOW 3.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-40481
HIGH 7.8

7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SQFS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18589.

Published: 2024-05-03
Modified: 2025-08-12
CVSS 3.x: HIGH 7.8
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H