CVE-2023-31102

high-risk
Published 2023-11-03

Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.

Do I need to act?

!
38.4% chance of exploitation in next 30 days
EPSS score — higher than 62% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (3)

Affected Vendors

Netapp 7-Zip

References (10)

https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102/
Third Party Advisory https://security.netapp.com/advisory/ntap-20231110-0007/
Issue Tracking https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
Product https://www.7-zip.org/download.html
Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-23-1165/
https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102/
Third Party Advisory https://security.netapp.com/advisory/ntap-20231110-0007/
Issue Tracking https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
Product https://www.7-zip.org/download.html
Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-23-1165/
50
/ 100
high-risk
Severity 24/34 · High
Exploitability 17/34 · Moderate
Exposure 9/34 · Low