Description
The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.
Release | Status | Note |
---|---|---|
devel | not-affected | 24.09+dfsg-7 |
esm-apps/jammy | released | 21.07+dfsg-4ubuntu0.1~esm1 |
esm-apps/noble | released | 23.01+dfsg-11ubuntu0.1~esm1 |
esm-infra/focal | DNE | |
focal | DNE | |
jammy | needed | |
mantic | ignored | end of life, was needs-triage |
noble | needed | |
oracular | not-affected | 24.08+dfsg-1 |
plucky | not-affected | 24.09+dfsg-7 |
8.2 High
CVSS3
Related vulnerabilities
A vulnerability in the CFileNameAttr::Parse() function of the NtfsHandler.cpp file of the 7-Zip archiver that allows an attacker to upload arbitrary files and gain unauthorized access to protected information
8.2 High
CVSS3