cbcvebase.
CVE-2023-52168
published 2024-07-03

CVE-2023-52168: The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at…

PriorityP342high8.4CVSS 3.1
AVLACLPRNUINSUCHIHAH
EPSS
0.34%
26.1th percentile
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.

Affected

3 ranges
VendorProductVersion rangeFixed in
7-zipp7zip>= 0 < 16.02+transitional.116.02+transitional.1
debian7zip< 7zip 22.01+dfsg-8+deb12u1 (bookworm)7zip 22.01+dfsg-8+deb12u1 (bookworm)
debianp7zip< 7zip 22.01+dfsg-8+deb12u1 (bookworm)7zip 22.01+dfsg-8+deb12u1 (bookworm)

CVSS provenance

nvdv3.18.4HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv8.4HIGH
vendor_debian8.4HIGH
vendor_ubuntu8.4HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.