Vulnerability Name: CVE-2018-10115 (CCN-142853)
Assigned: 2018-05-01
Published: 2018-05-01
Updated: 2020-08-24
Summary: Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
CVSS v3 Severity:
7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity:
6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-665 CWE-908
Vulnerability Consequences: Gain Access
References:
Source: MITRE Type: CNA CVE-2018-10115
Source: BID Type: Third Party Advisory, VDB Entry 104132
Source: CCN Type: BID-104132 7-Zip CVE-2018-10115 Remote Code Execution Vulnerability
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1040832
Source: XF Type: UNKNOWN 7zip-cve201810115-code-exec(142853)
Source: MISC Type: Exploit, Third Party Advisory https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
Source: CCN Type: SourceForge 7-Zip Web page 7-Zip 18.05
Source: CONFIRM Type: Issue Tracking https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable