Vulnerability Details CVE-2023-31102
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.187
EPSS Ranking 94.9%
CVSS Severity
CVSS v3 Score 7.8
References
- https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102/
- https://security.netapp.com/advisory/ntap-20231110-0007/
- https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
- https://www.7-zip.org/download.html
- https://www.zerodayinitiative.com/advisories/ZDI-23-1165/
- https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102/
- https://security.netapp.com/advisory/ntap-20231110-0007/
- https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
- https://www.7-zip.org/download.html
- https://www.zerodayinitiative.com/advisories/ZDI-23-1165/
Products affected by CVE-2023-31102
-
cpe:2.3:a:7-zip:7-zip:-
-
cpe:2.3:a:7-zip:7-zip:15.05
-
cpe:2.3:a:7-zip:7-zip:15.06
-
cpe:2.3:a:7-zip:7-zip:15.07
-
cpe:2.3:a:7-zip:7-zip:15.08
-
cpe:2.3:a:7-zip:7-zip:15.09
-
cpe:2.3:a:7-zip:7-zip:15.10
-
cpe:2.3:a:7-zip:7-zip:15.11
-
cpe:2.3:a:7-zip:7-zip:15.12
-
cpe:2.3:a:7-zip:7-zip:15.13
-
cpe:2.3:a:7-zip:7-zip:15.14
-
cpe:2.3:a:7-zip:7-zip:16.00
-
cpe:2.3:a:7-zip:7-zip:16.01
-
cpe:2.3:a:7-zip:7-zip:16.02
-
cpe:2.3:a:7-zip:7-zip:16.03
-
cpe:2.3:a:7-zip:7-zip:16.04
-
cpe:2.3:a:7-zip:7-zip:17.00
-
cpe:2.3:a:7-zip:7-zip:17.01
-
cpe:2.3:a:7-zip:7-zip:18.00
-
cpe:2.3:a:7-zip:7-zip:18.01
-
cpe:2.3:a:7-zip:7-zip:18.03
-
cpe:2.3:a:7-zip:7-zip:18.05
-
cpe:2.3:a:7-zip:7-zip:18.06
-
cpe:2.3:a:7-zip:7-zip:19.00
-
cpe:2.3:a:7-zip:7-zip:19.02
-
cpe:2.3:a:7-zip:7-zip:20.00
-
cpe:2.3:a:7-zip:7-zip:20.02
-
cpe:2.3:a:7-zip:7-zip:21.00
-
cpe:2.3:a:7-zip:7-zip:21.02
-
cpe:2.3:a:7-zip:7-zip:21.03
-
cpe:2.3:a:7-zip:7-zip:21.04
-
cpe:2.3:a:7-zip:7-zip:21.06
-
cpe:2.3:a:7-zip:7-zip:21.07
-
cpe:2.3:a:7-zip:7-zip:3.13
-
cpe:2.3:a:7-zip:7-zip:4.20
-
cpe:2.3:a:7-zip:7-zip:4.23
-
cpe:2.3:a:7-zip:7-zip:4.24
-
cpe:2.3:a:7-zip:7-zip:4.25
-
cpe:2.3:a:7-zip:7-zip:4.26
-
cpe:2.3:a:7-zip:7-zip:4.27
-
cpe:2.3:a:7-zip:7-zip:4.28
-
cpe:2.3:a:7-zip:7-zip:4.29
-
cpe:2.3:a:7-zip:7-zip:4.30
-
cpe:2.3:a:7-zip:7-zip:4.31
-
cpe:2.3:a:7-zip:7-zip:4.32
-
cpe:2.3:a:7-zip:7-zip:4.33
-
cpe:2.3:a:7-zip:7-zip:4.34
-
cpe:2.3:a:7-zip:7-zip:4.35
-
cpe:2.3:a:7-zip:7-zip:4.36
-
cpe:2.3:a:7-zip:7-zip:4.37
-
cpe:2.3:a:7-zip:7-zip:4.38
-
cpe:2.3:a:7-zip:7-zip:4.39
-
cpe:2.3:a:7-zip:7-zip:4.40
-
cpe:2.3:a:7-zip:7-zip:4.41
-
cpe:2.3:a:7-zip:7-zip:4.42
-
cpe:2.3:a:7-zip:7-zip:4.43
-
cpe:2.3:a:7-zip:7-zip:4.44
-
cpe:2.3:a:7-zip:7-zip:4.45
-
cpe:2.3:a:7-zip:7-zip:4.46
-
cpe:2.3:a:7-zip:7-zip:4.47
-
cpe:2.3:a:7-zip:7-zip:4.48
-
cpe:2.3:a:7-zip:7-zip:4.49
-
cpe:2.3:a:7-zip:7-zip:4.50
-
cpe:2.3:a:7-zip:7-zip:4.51
-
cpe:2.3:a:7-zip:7-zip:4.52
-
cpe:2.3:a:7-zip:7-zip:4.53
-
cpe:2.3:a:7-zip:7-zip:4.54
-
cpe:2.3:a:7-zip:7-zip:4.55
-
cpe:2.3:a:7-zip:7-zip:4.56
-
cpe:2.3:a:7-zip:7-zip:4.57
-
cpe:2.3:a:7-zip:7-zip:4.58
-
cpe:2.3:a:7-zip:7-zip:4.59
-
cpe:2.3:a:7-zip:7-zip:4.60
-
cpe:2.3:a:7-zip:7-zip:4.61
-
cpe:2.3:a:7-zip:7-zip:4.62
-
cpe:2.3:a:7-zip:7-zip:4.63
-
cpe:2.3:a:7-zip:7-zip:4.64
-
cpe:2.3:a:7-zip:7-zip:4.65
-
cpe:2.3:a:7-zip:7-zip:9.04
-
cpe:2.3:a:7-zip:7-zip:9.06
-
cpe:2.3:a:7-zip:7-zip:9.07
-
cpe:2.3:a:7-zip:7-zip:9.09
-
cpe:2.3:a:7-zip:7-zip:9.10
-
cpe:2.3:a:7-zip:7-zip:9.11
-
cpe:2.3:a:7-zip:7-zip:9.12
-
cpe:2.3:a:7-zip:7-zip:9.13
-
cpe:2.3:a:7-zip:7-zip:9.14
-
cpe:2.3:a:7-zip:7-zip:9.15
-
cpe:2.3:a:7-zip:7-zip:9.16
-
cpe:2.3:a:7-zip:7-zip:9.17
-
cpe:2.3:a:7-zip:7-zip:9.18
-
cpe:2.3:a:7-zip:7-zip:9.19
-
cpe:2.3:a:7-zip:7-zip:9.20
-
cpe:2.3:a:7-zip:7-zip:9.21
-
cpe:2.3:a:7-zip:7-zip:9.22
-
cpe:2.3:a:7-zip:7-zip:9.34
-
cpe:2.3:a:7-zip:7-zip:9.35
-
cpe:2.3:a:7-zip:7-zip:9.36
-
cpe:2.3:a:7-zip:7-zip:9.38
-
cpe:2.3:a:netapp:active_iq_unified_manager:-
-
cpe:2.3:a:netapp:oncommand_workflow_automation:-
-
cpe:2.3:o:linux:linux_kernel:-