Vulnerability Details : CVE-2018-5996
Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2018-5996
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*:*
- cpe:2.3:a:7-zip:p7zip:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-5996
1.92%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-5996
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2018-5996
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-5996
-
https://github.com/p7zip-project/p7zip/issues/8
About the CVE-2018-5996 · Issue #8 · p7zip-project/p7zip · GitHub
-
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
7-Zip: Multiple Memory Corruptions via RAR and ZIP | landave's blogExploit;Technical Description;Third Party Advisory
-
https://github.com/p7zip-project/p7zip/issues/32
-
http://www.securitytracker.com/id/1040831
7-Zip RAR and ZIP Archive Processing Flaws Let Remote Users Execute Arbitrary Code - SecurityTracker
-
https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html
0patch Blog: Two Interesting Micropatches For 7-Zip (CVE-2017-17969 and CVE-2018-5996)
Jump to