CVE-2016-2334
published 2016-12-13
CVE-2016-2334: Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary…
Priority P347 · high · 7.8 (CVSS 3.0)
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS 14.74% (96.3th percentile)
Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 7-zip | 7-zip | <= 15.14 | — |
| 7-zip | p7zip | >= 0 < 15.14.1+dfsg-2 | 15.14.1+dfsg-2 |
| 7-zip | p7zip | >= 0 < 15.14.1+dfsg-2 | 15.14.1+dfsg-2 |
| 7-zip | p7zip | >= 0 < 15.14.1+dfsg-2 | 15.14.1+dfsg-2 |
| debian | p7zip | < p7zip 15.14.1+dfsg-2 (bookworm) | p7zip 15.14.1+dfsg-2 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
CVSS provenance
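| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | HIGH | — |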
GHSA
GHSA-62c7-f6mx-fmm8: Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16
ghsa_unreviewed·2022-05-17
CVE-2016-2334 [HIGH] CWE-119 GHSA-62c7-f6mx-fmm8: Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16
OSV
CVE-2016-2334: Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16
osv·2016-12-13·CVSS 7.8
CVE-2016-2334 [HIGH] CVE-2016-2334: Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16
Debian
CVE-2016-2334: p7zip - Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile meth...
vendor_debian·2016·CVSS 7.8
CVE-2016-2334 [HIGH] CVE-2016-2334: p7zip - Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile meth...
Scope: local
bookworm: resolved (fixed in 15.14.1+dfsg-2)
bullseye: resolved (fixed in 15.14.1+dfsg-2)
trixie: resolved (fixed in 15.14.1+dfsg-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-2334 p7zip: Heap-buffer-overflow vulnerability
bugzilla·2016-05-12·CVSS 7.8
CVE-2016-2334 [HIGH] CVE-2016-2334 p7zip: Heap-buffer-overflow vulnerability
An exploitable heap overflow vulnerability exists in the Archive::NHfs::CHandler::ExtractZlibFile method functionality of 7-Zip. In the HFS+ file system, files can be stored in compressed form using zlib. There are three different ways of keeping data in that form depending on the size of the data. Data from files whose compressed size is bigger than 3800 bytes is stored in a resource fork, split into blocks.
Block size information and their offsets are kept in a table just after the resource fork header. Prior to decompression, the ExtractZlibFile method reads the block size and its offset from the file. After that, it reads block data into static size buffer "buf". There is no check whether the size of the block is bigger than siz
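The bounds check this report describes as missing, written out as an added C example (not 7-Zip or p7zip code). The table layout, `read_block`, `BUF_SIZE`, the error codes and the sample bytes are constructed for illustration and do not reproduce the HFS+ on-disk format.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16u /* stand-in for the fixed-size "buf"; value is illustrative */
enum { BLK_OK = 0, BLK_BAD_TABLE = -1, BLK_TOO_BIG = -2, BLK_OUT_OF_RANGE = -3 };

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Constructed layout: [count:u32] then count * [offset:u32][size:u32], then data.
 * Copies block idx into buf and stores its length in *out_len. */
int read_block(const uint8_t *fork, size_t fork_len, uint32_t idx,
               uint8_t buf[BUF_SIZE], size_t *out_len) {
    if (fork_len < 4) return BLK_BAD_TABLE;
    uint32_t count = rd32le(fork);
    /* The whole table must lie inside the fork (division avoids overflow). */
    if (count > (fork_len - 4) / 8 || idx >= count) return BLK_BAD_TABLE;
    const uint8_t *entry = fork + 4 + (size_t)idx * 8;
    uint32_t offset = rd32le(entry), size = rd32le(entry + 4);
    /* File-supplied size must not exceed the destination buffer. */
    if (size > BUF_SIZE) return BLK_TOO_BIG;
    /* Source range must lie inside the fork; written so offset+size cannot wrap. */
    if (offset > fork_len || size > fork_len - offset) return BLK_OUT_OF_RANGE;
    memcpy(buf, fork + offset, size);
    *out_len = size;
    return BLK_OK;
}

/* Constructed sample: entry 0 is 4 bytes at offset 20; entry 1 claims 0x1000 bytes. */
static const uint8_t sample_fork[] = {
    2, 0, 0, 0,
    20, 0, 0, 0, 4, 0, 0, 0,
    20, 0, 0, 0, 0x00, 0x10, 0, 0,
    'd', 'a', 't', 'a'
};

int main(void) {
    uint8_t buf[BUF_SIZE];
    size_t n = 0;
    for (uint32_t i = 0; i < 2; i++)
        printf("block %u -> %d\n", (unsigned)i,
               read_block(sample_fork, sizeof sample_fork, i, buf, &n));
    return 0;
}
```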
Bugzilla
CVE-2016-2334 CVE-2016-2335 p7zip: various flaws [fedora-all]
bugzilla·2016-05-12·CVSS 7.8
CVE-2016-2334 [HIGH] CVE-2016-2334 CVE-2016-2335 p7zip: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While on
Bugzilla
CVE-2016-2334 CVE-2016-2335 p7zip: various flaws [epel-all]
bugzilla·2016-05-12·CVSS 7.8
CVE-2016-2334 [HIGH] CVE-2016-2334 CVE-2016-2335 p7zip: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL.
Talos
Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability
blogs_talos·2017-11-30·CVSS 7.8
CVE-2016-2334 [HIGH] Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability
## Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability
This blog post was authored by Marcin Noga of Cisco Talos.
## Introduction
In 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk through the process of weaponizing this vulnerability and creating a fully working exploit that leverages it on Windows 7 x86 with the affected version of 7zip (x86 15.05 beta) installed.
## Analysis
First a quick look at the vulnerable portion of the 7zip code. Additional technical details regarding this vulnerability can be found in the aforementioned advisory report.
The vulnerability manifests during the decompression of a compressed file located on an HFS+ filesystem. It is present within the CHandler::ExtractZlibF
Talos
Multiple 7-Zip Vulnerabilities Discovered by Talos
blogs_talos·2016-05-11·CVSS 8.8
[HIGH] Multiple 7-Zip Vulnerabilities Discovered by Talos
7-Zip vulnerabilities were discovered by Marcin Noga.
Update 2016-05-12: Related advisories for the 7-Zip issues covered in this blog can be found here:
http://www.talosintel.com/reports/TALOS-2016-0093/
http://www.talosintel.com/reports/TALOS-2016-0094/
7-Zip is an open-source file archiving application which features optional AES-256 encryption, support for large files, and the ability to use “any compression, conversion or encryption method”. Recently Cisco Talos has discovered multiple exploitable vulnerabilities in 7-Zip. These types of vulnerabilities are especially concerning since vendors may not be aware they are using the affected libraries. This can be of particular concern, for example, when it comes to security devices or antivirus products. 7-Zip is supported on all major pl
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
http://www.securityfocus.com/bid/90531
http://www.securitytracker.com/id/1035876
http://www.talosintel.com/reports/TALOS-2016-0093/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DNYIQAU3FKFBNFPK6GKYTSVRHQA7PTYT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DTGWICT3KYYDPDXRNO5SXD32GZICGRIR/
https://security.gentoo.org/glsa/201701-27
2016-12-13
Published