CVE-2018-5996Improper Restriction of Operations within the Bounds of a Memory Buffer in P7zip

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-121Stack-based Buffer OverflowCWE-122Heap-based Buffer Overflow8 documents8 sources
Severity
7.8HIGHNVD
EPSS
4.5%
top 10.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
25
7-zip7-zip P7zipDebian P7zip-rar+22 more
Timeline
PublishedJan 31
Latest updateMay 13

Description

Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages24 packages

NVD7-zip/p7zip< 18.0
debiandebian/p7zip-rar< p7zip-rar 16.02-2 (bookworm)

Also affects: Debian Linux 7.0, 8.0, 9.0

🔴Vulnerability Details

2
GHSA
GHSA-2jr3-p4jr-g977: Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 182022-05-13
OSV
CVE-2018-5996: Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 182018-01-31

💥Exploits & PoCs

1
Exploit-DB
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)2018-07-23

📋Vendor Advisories

3
Red Hat
p7zip: memory corruption in RAR decompression2018-01-23
Microsoft
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code allows remote attackers to c2018-01-09
Debian
CVE-2018-5996: p7zip-rar - Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code o...2018

💬Community

1
Bugzilla
CVE-2018-5996 p7zip: memory corruption in RAR decompression2018-01-25
CVE-2018-5996 — 7-zip P7zip vulnerability | cvebase