CVE-2023-52168

CVE-2023-52168

Name

CVE-2023-52168

Description

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
	https://sourceforge.net/p/sevenzip/bugs/2402/
	https://www.openwall.com/lists/oss-security/2024/07/03/10
mailing-list	http://www.openwall.com/lists/oss-security/2024/07/03/10
	https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20241122-0011/

Type

URI

https://sourceforge.net/p/sevenzip/bugs/2402/

https://www.openwall.com/lists/oss-security/2024/07/03/10

mailing-list

http://www.openwall.com/lists/oss-security/2024/07/03/10

https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/

af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20241122-0011/

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== n/a

CPE URI

Source package

Min version

Max version

n/a

== n/a

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
7zip	3.20-main	23.01-r0	Alex Xu (Hello71) <alex_y_xu@yahoo.ca>	possibly vulnerable
7zip	3.19-main	23.01-r0	Alex Xu (Hello71) <alex_y_xu@yahoo.ca>	possibly vulnerable
7zip	3.18-main	22.01-r5	Alex Xu (Hello71) <alex_y_xu@yahoo.ca>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

7zip

3.20-main

23.01-r0

Alex Xu (Hello71) <alex_y_xu@yahoo.ca>

possibly vulnerable

7zip

3.19-main