CVE-2018-5996

7.8HIGH

Key Information:

Vendor: 7-zip
Status: 7-zip; P7zip
Vendor: CVE Published:; 31 January 2018

Summary

Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.

References

https://landave.io/2018/01/7-zip-multiple-memory-corrupti...

http://www.securitytracker.com/id/1040831

vdb-entry

https://0patch.blogspot.si/2018/02/two-interesting-microp...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 31, 2018
Vulnerability Reserved
Jan 22, 2018