7‐Zip 23.00 Multiple Vulnerabilities
Fabien edited this page May 22, 2024 · 2 revisions
7-Zip is a popular open-source file archiver with a high compression ratio. Versions prior to 23.00 contain multiple security vulnerabilities that can lead to remote code execution, information disclosure, and other significant security risks.
- Severity: High
- Remote Code Execution (RCE): Certain vulnerabilities allow attackers to execute arbitrary code, potentially leading to full system compromise.
- Information Disclosure: Specific flaws can expose sensitive data to unauthorized users, which can lead to further attacks.
- Denial of Service (DoS): Some vulnerabilities can be exploited to make the 7-Zip application unresponsive, causing service disruptions.
- Improper Input Validation: Many vulnerabilities arise from the software's failure to adequately validate inputs, which can lead to various injection attacks.
- Insecure Configuration: Incorrect or insecure default configurations can expose the 7-Zip application to potential exploits.
- Outdated Versions: Running outdated versions of 7-Zip that have not been updated with security patches.
- Regular Updates:
  - Ensure that 7-Zip is updated to the latest version, at least 23.00 or newer, to mitigate known vulnerabilities.
- Secure Configuration:
  - Configure 7-Zip securely by disabling unnecessary features and ensuring that default settings are secure.
- Monitoring and Auditing:
  - Regularly monitor and audit the use of 7-Zip for suspicious activities and vulnerabilities. Use security tools to scan for potential risks.
- Education and Awareness:
  - Educate users about the importance of using updated software and the risks associated with using outdated versions.
- CVE-2021-3156: Heap-based buffer overflow in Sudo before 1.9.5p2 allows local users to escalate privileges to root via a crafted sudo command.
- CVE-2022-29072: 7-Zip through 21.07 allows attackers to execute arbitrary code or cause a denial of service via a crafted archive.
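
A check for the 23.00 threshold named in the mitigation list above, as an added example that is not part of the original page: it extracts the version from 7-Zip banner or inventory strings and flags anything below 23.00. The host names, sample strings and function names are assumptions made for illustration.

```python
import re

# Threshold taken from the page: versions prior to 23.00 are flagged.
MIN_SAFE = (23, 0)

# First "major.minor" token after the product name, which skips banner
# decorations such as "(a)" or "[64]" that sit before the version.
_VERSION_RE = re.compile(r"7-Zip.*?\b(\d{1,2})\.(\d{2})\b", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor) from a 7-Zip banner/inventory string, or None."""
    m = _VERSION_RE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def audit(inventory):
    """Map each host to 'ok', 'outdated' or 'unknown'.

    Unparsable entries are reported as 'unknown' rather than 'ok', so a
    host is never cleared on the basis of missing data.
    """
    findings = {}
    for host, banner in inventory.items():
        version = parse_version(banner)
        if version is None:
            findings[host] = "unknown"
        elif version < MIN_SAFE:  # integer tuples, not string comparison
            findings[host] = "outdated"
        else:
            findings[host] = "ok"
    return findings

# Constructed sample inventory (hypothetical hosts, illustrative strings).
SAMPLE_INVENTORY = {
    "ws-001": "7-Zip 22.01 (x64) : Copyright (c) 1999-2022 Igor Pavlov",
    "ws-002": "7-Zip 23.01 (x64) : Copyright (c) 1999-2023 Igor Pavlov",
    "ws-003": "7-Zip 9.20",  # as a string, "9.20" sorts above "23.00"
    "srv-01": "7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov",
    "srv-02": "7-Zip 23.00 (x64)",
    "srv-03": "archiver not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Comparing parsed integer tuples matters here: a plain string comparison ranks "9.20" above "23.00" and would let the oldest installs pass.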