CVE-2018-10115
Published 2018-05-02
Priority: P1 · 80 · high · CVSS 3.0: 7.8
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ITW · VulnCheck KEV · Ransomware
Exploited in the wild
EPSS: 4.73% (90.7th percentile)
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 7-zip | 7-zip | <= 18.03 | — |
| debian | p7zip-rar | < p7zip-rar 16.02-3 (bookworm) | p7zip-rar 16.02-3 (bookworm) |
Detection & IOCs (extracted from sources)
- Trigger vector is a crafted RAR archive processed by 7-Zip's RAR decoder; any RAR file submitted to 7-Zip ≤18.03 should be treated as potentially malicious in this context.
- The vulnerability lies in the RAR decoder component specifically; monitor or restrict RAR archive processing in 7-Zip / p7zip builds that include RAR support.
- Detailed exploitation analysis (uninitialized memory to RCE) is available at the researcher's write-up; useful for building behavioral detections around 7-Zip RAR parsing crashes/exploits.
- Fedora and EPEL p7zip packages are NOT affected because RAR source code was removed due to license incompatibility with LGPL; no patch needed for those builds.
- Red Hat Enterprise Linux 8 p7zip is also listed as not affected for the same reason (no RAR support in the package).
- Only 7-Zip / p7zip builds that include RAR decoder support are vulnerable; verify whether the deployed binary includes RAR support before prioritising remediation.
CVSS provenance
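| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 7.8 | HIGH | |
| vulncheck | | 7.8 | HIGH | |
| vendor_debian | | 7.8 | HIGH | |
| vendor_redhat | | 7.8 | HIGH | |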
Red Hat
p7zip: uninitialized memory due to incorrect logic of RAR decoder might lead to arbitrary code execution
vendor_redhat·2018-05-01·CVSS 7.8
CVE-2018-10115 [HIGH] CWE-119
Package: p7zip (Red Hat Enterprise Linux 8) - Not affected
Debian
CVE-2018-10115: p7zip-rar - Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before ...
vendor_debian·2018·CVSS 7.8
CVE-2018-10115 [HIGH]
Scope: local
bookworm: resolved (fixed in 16.02-3)
bullseye: resolved (fixed in 16.02-3)
trixie: resolved (fixed in 16.02-3)
GHSA
GHSA-75r2-jhx8-x356: Incorrect initialization logic of RAR decoder objects in 7-Zip 18
ghsa_unreviewed·2022-05-13
CVE-2018-10115 [HIGH] CWE-665
OSV
CVE-2018-10115: Incorrect initialization logic of RAR decoder objects in 7-Zip 18
osv·2018-05-02·CVSS 7.8
CVE-2018-10115 [HIGH]
VulnCheck
7-zip 7-zip Improper Initialization
vulncheck·2018·CVSS 7.8
CVE-2018-10115 [HIGH]
Affected: 7-zip 7-zip
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.csk.gov.in/alerts/STOP_ransomware.html; https://www.ivanti.com/resources/v/doc/pr-survey-report/ransomware-quarterly-indexreport_q2-q3
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-10115 p7zip: uninitialized memory due to incorrect logic of RAR decoder might lead to arbitrary code execution
bugzilla·2018-05-03·CVSS 7.8
CVE-2018-10115 [HIGH]
References:
https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/
https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
Discussion:
Created p7zip tracking bugs for this issue:
Affects: epel-all [bug 1574416]
Affects: fedora-all [bug 1574415]
---
Our packages do not provide RAR support.
Bugzilla
CVE-2018-10115 p7zip: uninitialized memory due to incorrect logic of RAR decoder might lead to arbitrary code execution [fedora-all]
bugzilla·2018-05-03·CVSS 7.8
CVE-2018-10115 [HIGH]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Bugzilla
CVE-2018-10115 p7zip: uninitialized memory due to incorrect logic of RAR decoder might lead to arbitrary code execution [epel-all]
bugzilla·2018-05-03·CVSS 7.8
CVE-2018-10115 [HIGH]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
References:
http://www.securityfocus.com/bid/104132
http://www.securitytracker.com/id/1040832
https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/