跳转到帖子

7-Zip: CVE-2023-52168: Heap-based Buffer Overflow

recommended_posts

发布于
  • Members

7-Zip: CVE-2023-52168: Heap-based Buffer Overflow

Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
07/03/2023
Created
07/31/2024
Added
07/30/2024
Modified
07/31/2024

Description

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.

Solution(s)

  • 7-zip-7-zip-upgrade-latest

References

  • https://attackerkb.com/topics/cve-2023-52168
  • CVE - 2023-52168
  • https://nvd.nist.gov/vuln/detail/CVE-2023-52168
  • https://www.7-zip.org/download.html
  • 查看数 696
  • 已创建
  • 最后回复

参与讨论

你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

游客
回帖…