ZDI-CAN-18588: ZDI-23-1165: 7-Zip 7Z File Parsing Integer Underflow Remote Code Execution Vulnerability
First published: Wed Aug 23 2023(Updated: )
This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 7-Zip 7-Zip |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is ZDI-CAN-18588?
ZDI-CAN-18588 is a vulnerability in 7-Zip that allows remote attackers to execute arbitrary code.
How does ZDI-CAN-18588 work?
ZDI-CAN-18588 exploits a parsing flaw in 7-Zip's handling of 7Z files, which allows for remote code execution.
Is user interaction required to exploit ZDI-CAN-18588?
Yes, user interaction is required. The target must visit a malicious page or open a malicious file.
What is the severity of ZDI-CAN-18588?
ZDI-CAN-18588 has a severity rating of 7.8 (High).
How can I fix ZDI-CAN-18588?
There is currently no patch or update available for ZDI-CAN-18588. It is recommended to take caution when opening 7Z files from untrusted sources.
- collector/zdi-published
- alias/ZDI-CAN-18588
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-23-1165
- alias/CVE-2023-31102
- agent/software-canonical-lookup
- agent/title
- agent/severity
- agent/references
- agent/description
- agent/tags
- agent/type
- agent/event
- vendor/7-zip
- canonical/7-zip 7-zip