CVE-2022-47069
Published: 2023-08-22
Priority: P4 · 34 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.30% (21.2th percentile)
p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. NOTE: the Supplier has found that this is not a buffer overflow; at most an out-of-bounds read can occur.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 7-zip | p7zip | — | — |
| 7-zip | p7zip | >= 0 < 16.02+transitional.1 | 16.02+transitional.1 |
| debian | p7zip | < p7zip 16.02+transitional.1 (trixie) | p7zip 16.02+transitional.1 (trixie) |
CVSS provenance
nvd · v3.1 · 7.8 · HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv · 7.8 · HIGH
vendor_debian · 7.8 · LOW
vendor_redhat · 7.8 · HIGH
GHSA
GHSA-hjgv-c5xv-9h9v: p7zip 16
ghsa_unreviewed·2023-08-22
CVE-2022-47069 [HIGH] CWE-787 GHSA-hjgv-c5xv-9h9v: p7zip 16
p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp.
OSV
CVE-2022-47069: p7zip 16
osv·2023-08-22·CVSS 7.8
CVE-2022-47069 [HIGH] CVE-2022-47069: p7zip 16
p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. NOTE: the Supplier has found that this is not a buffer overflow; at most an out-of-bounds read can occur.
CISA ICS
Siemens SCALANCE W700
cisa_ics·2025-02-13
ICS Advisory
Release Date: February 13, 2025
Alert Code: ICSA-25-044-09
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE W700
- Vulnerabilities: Double Free, Improper Restriction of Communication Channel to Intended Endpoints, Improper Resource Sh
Red Hat
p7zip: Heap buffer overflow in ZipIn.cpp
vendor_redhat·2022-12-09·CVSS 7.8
CVE-2023-1576 [HIGH] CWE-119 p7zip: Heap buffer overflow in ZipIn.cpp
p7zip: Heap buffer overflow in ZipIn.cpp
No description is available for this CVE.
Statement: This is a duplicate of an earlier vulnerability, CVE-2022-47069.
Debian
CVE-2022-47069: p7zip - p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via t...
vendor_debian·2022·CVSS 7.8
CVE-2022-47069 [HIGH] CVE-2022-47069: p7zip - p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via t...
p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. NOTE: the Supplier has found that this is not a buffer overflow; at most an out-of-bounds read can occur.
Scope: local
bookworm: open
bullseye: open
trixie: resolved (fixed in 16.02+transitional.1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.