admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-40481.md

18 lines
1.1 KiB
Markdown
Raw Normal View History

Update CVE sources 2024-05-28 08:49
2024-05-28 08:49:17 +00:00
### [CVE-2023-40481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40481)
![](https://img.shields.io/static/v1?label=Product&message=7-Zip&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%2022.01%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%3A%20Out-of-bounds%20Write&color=brighgreen)
### Description
7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of SQFS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18589.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/immortalp0ny/mypocs
Reference in New Issue Copy Permalink