Other IDs this deficiency may be known by:
|Date Last Modified
Version Specific Information:
|Cucumber 1.0 i686||fixed in p7zip-16.02-i686-4 |
|Cucumber 1.0 x86_64||fixed in p7zip-16.02-x86_64-4 |
|Cucumber 1.1 i686||fixed in p7zip-16.02-i686-4 |
|Cucumber 1.1 x86_64||fixed in p7zip-16.02-x86_64-4 |
=================================== Overview ===================================
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before
can lead to usage of uninitialized memory, allowing remote attackers to cause a
denial of service (segmentation fault) or execute arbitrary code via a crafted
================================ Initial Report ================================
May 1, 2018
7-Zip: From Uninitialized Memory to Remote Code Execution
After my previous post on the 7-Zip bugs CVE-2017-17969 and CVE-2018-5996, I
continued to spend time on analyzing antivirus software. As it happens, I found
a new bug that (as the last two bugs) turned out to affect 7-Zip as well. Since
the antivirus vendor has not yet published a patch, I will add the name of the
affected product in an update to this post as soon as this happens.
UPDATE (2018-06-05): The antivirus vendor I was talking about was F-Secure.
See the full report at
================================= Our Analysis =================================
----- Affected Products -----
Versions of p7zip prior to 18.05 that have not had the "patch" from
https://landave.io/files/patch_7zip_CVE-2018-10115.txt applied are vulnerable.
This includes p7zip as originally packaged in Cucumber Linux 1.0 and 1.1.
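The following check is an added example, not part of the original advisory or of the Cucumber Linux tooling. It classifies a p7zip package name against the fix levels given on this page (18.05 or later, or the 16.02 rebuild numbered 4). It assumes the name-version-arch-build naming seen in the version table, that later 16.02 builds keep the patch, and it reports any other version below 18.05 as vulnerable.

```shell
#!/bin/sh
# Added example: classify a name-version-arch-build package name against the
# fix levels stated in this advisory. Assumptions (not from the advisory):
# 16.02 builds after -4 keep the patch; versions are plain dotted numbers.

# ver_ge A B: succeed when dotted version A >= B, compared field by field.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# p7zip_status PKG: print "fixed", "vulnerable" or "unknown".
p7zip_status() {
    pkg=${1##*/}        # accept a path to a package file or database entry
    pkg=${pkg%.t?z}     # drop a .txz/.tgz suffix if present
    case $pkg in
        p7zip-*-*-*) ;;
        *) echo unknown; return 0 ;;
    esac
    build=${pkg##*-}    # last field
    rest=${pkg%-*}      # name-version-arch
    rest=${rest%-*}     # name-version
    version=${rest#p7zip-}
    case $version in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    case $build in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    if ver_ge "$version" 18.05; then
        echo fixed          # upstream release carrying the fix
    elif [ "$version" = 16.02 ] && [ "$build" -ge 4 ]; then
        echo fixed          # patched rebuild named in the version table
    else
        echo vulnerable     # below 18.05 and not a build listed as fixed
    fi
}

# Report on every package name given on the command line.
for p in "$@"; do
    printf '%s: %s\n' "$p" "$(p7zip_status "$p")"
done
```

Pass it the p7zip package name that your package manager reports as installed.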
----- Scope and Impact of this Vulnerability -----
Allows for arbitrary code execution when extracting a maliciously crafted RAR
----- Fix for this Vulnerability -----
This vulnerability can be fixed by upgrading to p7zip 18.05 or later or by
applying the "patch" from
https://landave.io/files/patch_7zip_CVE-2018-10115.txt. Fortunately, the Arch
Linux project has provided a proper patch at
================================= Our Solution =================================
We have applied the patch from
and rebuilt p7zip.