CVE-2022-47069Out-of-bounds Write in P7zip

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 88.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
7-zip P7zipDebian P7zip
Timeline
PublishedAug 22
Latest updateFeb 13

Description

p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. NOTE: the Supplier has found that this is not a buffer overflow; at most an out-of-bounds read can occur.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

debiandebian/p7zip< p7zip 16.02+transitional.1 (trixie)
Debian7-zip/p7zip< 16.02+transitional.1
NVD7-zip/p7zip16.02

🔴Vulnerability Details

2
GHSA
GHSA-hjgv-c5xv-9h9v: p7zip 162023-08-22
OSV
CVE-2022-47069: p7zip 162023-08-22

📋Vendor Advisories

3
CISA ICS
Siemens SCALANCE W7002025-02-13
Red Hat
p7zip: Heap buffer overflow in ZipIn.cpp2022-12-09
Debian
CVE-2022-47069: p7zip - p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via t...2022
CVE-2022-47069 — Out-of-bounds Write in Debian P7zip | cvebase