CVE-2023-31102 — Integer Underflow (Wrap or Wraparound) in 7-zip

Severity

7.8HIGHNVD

EPSS

38.4%

top 2.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 3

Latest updateNov 6

Description

Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

▶NVD7-zip/7-zip< 22.01

▶debiandebian/7zip< 7zip 23.01+dfsg-1 (forky)

▶debiandebian/p7zip< 7zip 23.01+dfsg-1 (forky)

▶Debian7-zip/p7zip< 16.02+transitional.1

OSV

CVE-2023-31102: Ppmd7↗2023-11-03

▶

GHSA

GHSA-4cc6-f2xj-w7jx: 7-Zip through 22↗2023-11-03

▶

Suricata

ET EXPLOIT 7-Zip 7z File PPMd Properties Parsing Integer Underflow (CVE-2023-31102)↗2025-11-06

▶

CISA ICS

Rockwell Automation AADvance Trusted SIS Workstation↗2024-09-12

▶

Debian

CVE-2023-31102: 7zip - Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read opera...↗2023

▶