Lucene search

CertccCVE-2016-2335

HistoryJun 07, 2016 - 2:06 p.m.

CVE-2016-2335

2016-06-0714:06:12

CWE-119

certcc

web.nvd.nist.gov

cinarchive

readfileitem

7zip

9.20

15.05 beta

p7zip

remote attackers

denial of service

execute arbitrary code

out-of-bounds read

udf file

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.013

Percentile

85.9%

JSON

The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code via the PartitionRef field in the Long Allocation Descriptor in a UDF file.

Affected configurations

Nvd

Node

opensuseopensuseMatch13.2

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

Node

7-zip7-zipMatch9.20

7-zip7-zipMatch15.05beta

VendorProductVersionCPE
opensuseopensuse13.2cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
7-zip7-zip9.20cpe:2.3:a:7-zip:7-zip:9.20:*:*:*:*:*:*:*
7-zip7-zip15.05cpe:2.3:a:7-zip:7-zip:15.05:beta:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	opensuse	13.2	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
7-zip	7-zip	9.20	cpe:2.3:a:7-zip:7-zip:9.20:::::::*
7-zip	7-zip	15.05	cpe:2.3:a:7-zip:7-zip:15.05:beta::::::