CVE-2018-5996

Name
CVE-2018-5996
Description
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
MISC https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html
SECTRACK http://www.securitytracker.com/id/1040831

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:* 7-zip >= None < 18.00
cpe:2.3:a:7-zip:p7zip:*:*:*:*:*:*:*:* p7zip >= None < 18.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
p7zip 3.12-main 16.02-r3 Natanael Copa <ncopa@alpinelinux.org> fixed
p7zip 3.11-main 16.02-r3 Natanael Copa <ncopa@alpinelinux.org> fixed
p7zip 3.10-main 16.02-r3 Natanael Copa <ncopa@alpinelinux.org> fixed
p7zip 3.14-main 16.02-r4 Natanael Copa <ncopa@alpinelinux.org> fixed
p7zip 3.13-main 16.02-r4 Natanael Copa <ncopa@alpinelinux.org> fixed
p7zip 3.15-main 16.02-r4 Natanael Copa <ncopa@alpinelinux.org> fixed
p7zip 3.16-main 17.04-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
p7zip 3.17-main 17.04-r3 Natanael Copa <ncopa@alpinelinux.org> fixed