What is the severity of CVE-2023-52169?

CVE-2023-52169 has been classified as a moderate severity vulnerability due to its potential for unauthorized reading of memory contents.

How do I fix CVE-2023-52169?

To fix CVE-2023-52169, update to 7-Zip version 24.01 or later, which contains the necessary patch.

What type of vulnerability is CVE-2023-52169?

CVE-2023-52169 is an out-of-bounds read vulnerability that can cause unintended data exposure.

What software is affected by CVE-2023-52169?

CVE-2023-52169 affects versions of 7-Zip prior to 24.01.

Can CVE-2023-52169 be exploited remotely?

CVE-2023-52169 requires local access to exploit, as it involves reading beyond a buffer in the application's memory.

Vulnerability/
CVE-2023-52169

high

8.2

CWE

125

3/7/2024

21/11/2024

CVE-2023-52169: CVE-2023-52168, CVE-2023-52169: buffer overflow, over-ad vulnerabilities in the 7-Zip archiver

First published: Wed Jul 03 2024(Updated: )

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
The7	<24.01

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-52169?
CVE-2023-52169 has been classified as a moderate severity vulnerability due to its potential for unauthorized reading of memory contents.
How do I fix CVE-2023-52169?
To fix CVE-2023-52169, update to 7-Zip version 24.01 or later, which contains the necessary patch.
What type of vulnerability is CVE-2023-52169?
CVE-2023-52169 is an out-of-bounds read vulnerability that can cause unintended data exposure.
What software is affected by CVE-2023-52169?
CVE-2023-52169 affects versions of 7-Zip prior to 24.01.
Can CVE-2023-52169 be exploited remotely?
CVE-2023-52169 requires local access to exploit, as it involves reading beyond a buffer in the application's memory.

agent/type
agent/description
agent/first-publish-date
collector/oss-sec
source/oss-sec
alias/CVE-2023-52168
alias/CVE-2023-52169
agent/title
agent/author
agent/references
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/weakness
agent/last-modified-date
agent/severity
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/7-zip
canonical/the7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.