All errata/sisyphus/ALT-PU-2024-15047-2
ALT-PU-2024-15047-2

Package update p7zip in branch sisyphus

Version17.05-alt3
Task#361440
Published2026-02-04
Max severityCRITICAL
Severity:

Closed issues (4)

BDU:2024-04975
CRITICAL9.0

Уязвимость обработчика NTFS в файле NtfsHandler.cpp архиватора 7-Zip, позволяющая нарушителю выполнить произвольный код

Published: 2024-07-04Modified: 2025-05-06
CVSS 3.xCRITICAL 9.0
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS 2.0HIGH 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C
References
BDU:2024-11604
HIGH8.2

Уязвимость функции CFileNameAttr::Parse() файла NtfsHandler.cpp архиватора 7-Zip, позволяющая нарушителю загружать произвольные файлы и получить несанкционированный доступ к защищаемой информации

Published: 2025-01-30Modified: 2025-08-13
CVSS 3.xHIGH 8.2
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C
References
CVE-2023-52168
HIGH8.4

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.

Published: 2024-07-03Modified: 2026-04-15
CVSS 3.xHIGH 8.4
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
CVE-2023-52169
HIGH8.2

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.

Published: 2024-07-03Modified: 2026-04-15
CVSS 3.xHIGH 8.2
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
References