Vulnerability Description
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 7-Zip | 7-Zip | <= 18.03 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104132Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040832Third Party AdvisoryVDB Entry
- https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-executExploitThird Party Advisory
- https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/Issue Tracking
- http://www.securityfocus.com/bid/104132Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040832Third Party AdvisoryVDB Entry
- https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-executExploitThird Party Advisory
- https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/Issue Tracking
FAQ
What is CVE-2018-10115?
CVE-2018-10115 is a vulnerability with a CVSS score of 7.8 (HIGH). Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) o...
How severe is CVE-2018-10115?
CVE-2018-10115 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10115?
Check the references section above for vendor advisories and patch information. Affected products include: 7-Zip 7-Zip.