Vulnerabilities (CVE-2023-40481, CVE-2023-31102) in 7-ZIP; fixed in version 23.00 (August 2023) (2024)

FAQs

What is CVE-2023-31102 7-Zip? ›

What is CVE-2023-31102? CVE-2023-31102 is a high-severity vulnerability affecting the PPMD codec of the 7-Zip software, specifically in the Ppmd7. c file. This vulnerability is present in 7-Zip versions prior to 23.00 and can lead to an integer underflow and invalid read operation via a crafted 7Z archive.

CVE-2023-31102 is a 7Z File Parsing Integer Underflow Remote Code Execution vulnerability in 7-Zip that has been assigned a CVE score of 7.8 (i.e., risk is high). The Zero Day Initiative writes that this vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip.

7-Zip vulnerability or CVE-2022-29072 is an active zero-day vulnerability and is characterized as allowing privilege escalation and command execution for Windows when a file with the . 7z extension is dragged to the Help > Contents area.

The CVE-2023-25136 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This double-free issue in OpenSSH server 9.1 has been fixed in version 9.2. Although exploiting the vulnerability is considered difficult, it's important to update your system to mitigate potential risks.

7-zip is generally considered safe to use. It has been widely used for many years, and its source code has been reviewed by security experts due to its open-source nature. However, like any software, it's important to download it from trusted sources and keep it up to date to minimize any potential security risks.

7-Zip is a free file compression program that also allows you to encrypt and password protect the files you compress. You can compress multiple files into a single archive file. For someone to open an encrypted file created with 7-Zip that person will need to have 7-Zip or a compatible program.

CVE-2023-52169

The NtfsHandler. cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image.

The weakest link in any computer security system is people.

The Disadvantages

They include file size limits, file type limits, corruption and mobility issues. One of many disadvantages associated with ZIP archive files is compression limits. Some files cannot be compressed much more than they already are. This is especially true for MP3 files and JPG files.

CVE-2023-38408 is a vulnerability that enables remote code execution and resides in the SSH-agent's forwarded feature, particularly in relation to the PKCS#11 providers. Exploiting the SSH-agent's support for PKCS#11 under specific conditions allows attackers to execute remote code through a forwarded agent socket.

What is CVE 2023 28531? ›

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.

CVE-2023-21823 is a critical security vulnerability that affects the graphics component of Microsoft Windows. It allows an attacker to execute arbitrary code in an elevated context. It affects various versions of Microsoft Windows, including Windows 10 and 11.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SQFS files.

The 7-zip data error is an error message that appears when you try to extract or open a compressed file using the 7-Zip utility. This error typically occurs when the compressed file or archive has been corrupted or damaged in some way.

This vulnerability is exploited when WinRAR is used to extract a ZIP archive containing both a benign file and a folder sharing the same name as the benign file. When attempting to access the benign file, WinRAR inadvertently executes the file present within the folder.

Both . zip and . 7z are lossless compression formats. .7z is newer and is likely to give you a better compression ratio, but it's not as widely supported as . zip, and I think it's somewhat more computationally expensive to compress/decompress.