Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2018-5996

Published: 31/01/2018 Updated: 03/10/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to 7-zip

Vulnerability Summary

Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip prior to 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote malicious users to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

7-zip 7-zip

7-zip p7zip

debian debian linux 7.0

debian debian linux 9.0

debian debian linux 8.0

Vendor Advisories

Debian CVElist Bug Report Logs: p7zip: CVE-2017-17969: ZIP Shrink: Heap Buffer Overflow
Debian Bug report logs - #888297 p7zip: CVE-2017-17969: ZIP Shrink: Heap Buffer Overflow Package: p7zip; Maintainer for p7zip is Robert Luberda <robert@debianorg>; Source for p7zip is src:p7zip (PTS, buildd, popcon) Reported by: Gregor Riepl <onitake@gmailcom> Date: Wed, 24 Jan 2018 18:48:01 UTC Severity: grave Ta ...
Debian CVElist Bug Report Logs: p7zip-rar: CVE-2018-5996: Memory Corruptions via RAR PPMd
Debian Bug report logs - #888314 p7zip-rar: CVE-2018-5996: Memory Corruptions via RAR PPMd Package: p7zip-rar; Maintainer for p7zip-rar is Robert Luberda <robert@debianorg>; Source for p7zip-rar is src:p7zip-rar (PTS, buildd, popcon) Reported by: Gregor Riepl <onitake@gmailcom> Date: Wed, 24 Jan 2018 18:48:01 UTC ...
Debian CVElist Bug Report Logs: p7zip-rar: CVE-2018-10115
Debian Bug report logs - #897674 p7zip-rar: CVE-2018-10115 Package: src:p7zip-rar; Maintainer for src:p7zip-rar is Robert Luberda <robert@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 4 May 2018 06:03:01 UTC Severity: grave Tags: security, upstream Found in version p7zip-rar/1602-1 ...

References

CWE-119https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.htmlhttp://www.securitytracker.com/id/1040831https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888297
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-1183hard-codedCVE-2024-28254CVE-2023-43790buffer overflowbypassCVE-2024-32633CVE-2024-1874CVE-2024-23558
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook