CVE-2023-52168
published 2024-07-03CVE-2023-52168: The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at…
PriorityP342high8.4CVSS 3.1
AVLACLPRNUINSUCHIHAH
EPSS
0.34%
26.1th percentile
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 7-zip | p7zip | >= 0 < 16.02+transitional.1 | 16.02+transitional.1 |
| debian | 7zip | < 7zip 22.01+dfsg-8+deb12u1 (bookworm) | 7zip 22.01+dfsg-8+deb12u1 (bookworm) |
| debian | p7zip | < 7zip 22.01+dfsg-8+deb12u1 (bookworm) | 7zip 22.01+dfsg-8+deb12u1 (bookworm) |
CVSS provenance
nvdv3.18.4HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv8.4HIGH
vendor_debian8.4HIGH
vendor_ubuntu8.4HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
7-Zip vulnerabilities
vendor_ubuntu·2025-04-15·CVSS 8.4
CVE-2023-52169 [HIGH] 7-Zip vulnerabilities
Title: 7-Zip vulnerabilities
Summary: Several security issues were fixed in 7-Zip.
Igor Pavlov discovered that 7-Zip had several memory-related issues.
An attacker could possibly use these issues to cause 7-Zip to crash,
resulting in a denial of service, or execute arbitrary code.
(CVE-2023-52168, CVE-2023-52169)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2023-52168: 7zip - The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap...
vendor_debian·2023·CVSS 8.4
CVE-2023-52168 [HIGH] CVE-2023-52168: 7zip - The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap...
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.
Scope: local
bookworm: resolved (fixed in 22.01+dfsg-8+deb12u1)
forky: resolved (fixed in 24.05+dfsg-1)
sid: resolved (fixed in 24.05+dfsg-1)
trixie: resolved (fixed in 24.05+dfsg-1)
OSV
7zip vulnerabilities
osv·2025-04-15·CVSS 8.4
CVE-2023-52168 [HIGH] 7zip vulnerabilities
7zip vulnerabilities
Igor Pavlov discovered that 7-Zip had several memory-related issues.
An attacker could possibly use these issues to cause 7-Zip to crash,
resulting in a denial of service, or execute arbitrary code.
(CVE-2023-52168, CVE-2023-52169)
OSV
CVE-2023-52168: The NtfsHandler
osv·2024-07-03·CVSS 8.4
CVE-2023-52168 [HIGH] CVE-2023-52168: The NtfsHandler
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.
GHSA
GHSA-wgw3-5w65-2g45: The NtfsHandler
ghsa_unreviewed·2024-07-03
CVE-2023-52168 [HIGH] CWE-122 GHSA-wgw3-5w65-2g45: The NtfsHandler
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2024/07/03/10https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/https://sourceforge.net/p/sevenzip/bugs/2402/https://www.openwall.com/lists/oss-security/2024/07/03/10http://www.openwall.com/lists/oss-security/2024/07/03/10https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/https://security.netapp.com/advisory/ntap-20241122-0011/https://sourceforge.net/p/sevenzip/bugs/2402/https://www.openwall.com/lists/oss-security/2024/07/03/10
2024-07-03
Published