Vulnerability Details CVE-2018-5996
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.082
EPSS Ranking 91.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
- http://www.securitytracker.com/id/1040831
- https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html
- https://github.com/p7zip-project/p7zip/issues/32
- https://github.com/p7zip-project/p7zip/issues/8
- https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
- http://www.securitytracker.com/id/1040831
- https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html
- https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
Products affected by CVE-2018-5996
-
cpe:2.3:a:7-zip:7-zip:-
-
cpe:2.3:a:7-zip:7-zip:15.05
-
cpe:2.3:a:7-zip:7-zip:15.06
-
cpe:2.3:a:7-zip:7-zip:15.07
-
cpe:2.3:a:7-zip:7-zip:15.08
-
cpe:2.3:a:7-zip:7-zip:15.09
-
cpe:2.3:a:7-zip:7-zip:15.10
-
cpe:2.3:a:7-zip:7-zip:15.11
-
cpe:2.3:a:7-zip:7-zip:15.12
-
cpe:2.3:a:7-zip:7-zip:15.13
-
cpe:2.3:a:7-zip:7-zip:15.14
-
cpe:2.3:a:7-zip:7-zip:16.00
-
cpe:2.3:a:7-zip:7-zip:16.01
-
cpe:2.3:a:7-zip:7-zip:16.02
-
cpe:2.3:a:7-zip:7-zip:16.03
-
cpe:2.3:a:7-zip:7-zip:16.04
-
cpe:2.3:a:7-zip:7-zip:17.00
-
cpe:2.3:a:7-zip:7-zip:17.01
-
cpe:2.3:a:7-zip:7-zip:3.13
-
cpe:2.3:a:7-zip:7-zip:4.20
-
cpe:2.3:a:7-zip:7-zip:4.23
-
cpe:2.3:a:7-zip:7-zip:4.24
-
cpe:2.3:a:7-zip:7-zip:4.25
-
cpe:2.3:a:7-zip:7-zip:4.26
-
cpe:2.3:a:7-zip:7-zip:4.27
-
cpe:2.3:a:7-zip:7-zip:4.28
-
cpe:2.3:a:7-zip:7-zip:4.29
-
cpe:2.3:a:7-zip:7-zip:4.30
-
cpe:2.3:a:7-zip:7-zip:4.31
-
cpe:2.3:a:7-zip:7-zip:4.32
-
cpe:2.3:a:7-zip:7-zip:4.33
-
cpe:2.3:a:7-zip:7-zip:4.34
-
cpe:2.3:a:7-zip:7-zip:4.35
-
cpe:2.3:a:7-zip:7-zip:4.36
-
cpe:2.3:a:7-zip:7-zip:4.37
-
cpe:2.3:a:7-zip:7-zip:4.38
-
cpe:2.3:a:7-zip:7-zip:4.39
-
cpe:2.3:a:7-zip:7-zip:4.40
-
cpe:2.3:a:7-zip:7-zip:4.41
-
cpe:2.3:a:7-zip:7-zip:4.42
-
cpe:2.3:a:7-zip:7-zip:4.43
-
cpe:2.3:a:7-zip:7-zip:4.44
-
cpe:2.3:a:7-zip:7-zip:4.45
-
cpe:2.3:a:7-zip:7-zip:4.46
-
cpe:2.3:a:7-zip:7-zip:4.47
-
cpe:2.3:a:7-zip:7-zip:4.48
-
cpe:2.3:a:7-zip:7-zip:4.49
-
cpe:2.3:a:7-zip:7-zip:4.50
-
cpe:2.3:a:7-zip:7-zip:4.51
-
cpe:2.3:a:7-zip:7-zip:4.52
-
cpe:2.3:a:7-zip:7-zip:4.53
-
cpe:2.3:a:7-zip:7-zip:4.54
-
cpe:2.3:a:7-zip:7-zip:4.55
-
cpe:2.3:a:7-zip:7-zip:4.56
-
cpe:2.3:a:7-zip:7-zip:4.57
-
cpe:2.3:a:7-zip:7-zip:4.58
-
cpe:2.3:a:7-zip:7-zip:4.59
-
cpe:2.3:a:7-zip:7-zip:4.60
-
cpe:2.3:a:7-zip:7-zip:4.61
-
cpe:2.3:a:7-zip:7-zip:4.62
-
cpe:2.3:a:7-zip:7-zip:4.63
-
cpe:2.3:a:7-zip:7-zip:4.64
-
cpe:2.3:a:7-zip:7-zip:4.65
-
cpe:2.3:a:7-zip:7-zip:9.04
-
cpe:2.3:a:7-zip:7-zip:9.06
-
cpe:2.3:a:7-zip:7-zip:9.07
-
cpe:2.3:a:7-zip:7-zip:9.09
-
cpe:2.3:a:7-zip:7-zip:9.10
-
cpe:2.3:a:7-zip:7-zip:9.11
-
cpe:2.3:a:7-zip:7-zip:9.12
-
cpe:2.3:a:7-zip:7-zip:9.13
-
cpe:2.3:a:7-zip:7-zip:9.14
-
cpe:2.3:a:7-zip:7-zip:9.15
-
cpe:2.3:a:7-zip:7-zip:9.16
-
cpe:2.3:a:7-zip:7-zip:9.17
-
cpe:2.3:a:7-zip:7-zip:9.18
-
cpe:2.3:a:7-zip:7-zip:9.19
-
cpe:2.3:a:7-zip:7-zip:9.20
-
cpe:2.3:a:7-zip:7-zip:9.21
-
cpe:2.3:a:7-zip:7-zip:9.22
-
cpe:2.3:a:7-zip:7-zip:9.34
-
cpe:2.3:a:7-zip:7-zip:9.35
-
cpe:2.3:a:7-zip:7-zip:9.36
-
cpe:2.3:a:7-zip:7-zip:9.38
-
cpe:2.3:a:7-zip:p7zip:-
-
cpe:2.3:a:7-zip:p7zip:0.80
-
cpe:2.3:a:7-zip:p7zip:0.81
-
cpe:2.3:a:7-zip:p7zip:0.90
-
cpe:2.3:a:7-zip:p7zip:0.91
-
cpe:2.3:a:7-zip:p7zip:15.09
-
cpe:2.3:a:7-zip:p7zip:15.14
-
cpe:2.3:a:7-zip:p7zip:15.14.1
-
cpe:2.3:a:7-zip:p7zip:16.02
-
cpe:2.3:a:7-zip:p7zip:16.04
-
cpe:2.3:a:7-zip:p7zip:4.10
-
cpe:2.3:a:7-zip:p7zip:4.12
-
cpe:2.3:a:7-zip:p7zip:4.13
-
cpe:2.3:a:7-zip:p7zip:4.14
-
cpe:2.3:a:7-zip:p7zip:4.14.01
-
cpe:2.3:a:7-zip:p7zip:4.16
-
cpe:2.3:a:7-zip:p7zip:4.18
-
cpe:2.3:a:7-zip:p7zip:4.20
-
cpe:2.3:a:7-zip:p7zip:4.27
-
cpe:2.3:a:7-zip:p7zip:4.29
-
cpe:2.3:a:7-zip:p7zip:4.30
-
cpe:2.3:a:7-zip:p7zip:4.33
-
cpe:2.3:a:7-zip:p7zip:4.37
-
cpe:2.3:a:7-zip:p7zip:4.39
-
cpe:2.3:a:7-zip:p7zip:4.42
-
cpe:2.3:a:7-zip:p7zip:4.43
-
cpe:2.3:a:7-zip:p7zip:4.44
-
cpe:2.3:a:7-zip:p7zip:4.45
-
cpe:2.3:a:7-zip:p7zip:4.47
-
cpe:2.3:a:7-zip:p7zip:4.48
-
cpe:2.3:a:7-zip:p7zip:4.49
-
cpe:2.3:a:7-zip:p7zip:4.51
-
cpe:2.3:a:7-zip:p7zip:4.53
-
cpe:2.3:a:7-zip:p7zip:4.55
-
cpe:2.3:a:7-zip:p7zip:4.57
-
cpe:2.3:a:7-zip:p7zip:4.58
-
cpe:2.3:a:7-zip:p7zip:4.61
-
cpe:2.3:a:7-zip:p7zip:4.65
-
cpe:2.3:a:7-zip:p7zip:9.04
-
cpe:2.3:a:7-zip:p7zip:9.13
-
cpe:2.3:a:7-zip:p7zip:9.20
-
cpe:2.3:a:7-zip:p7zip:9.20.1
-
cpe:2.3:a:7-zip:p7zip:9.38
-
cpe:2.3:a:7-zip:p7zip:9.38.1
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0