CVE-2022-47069 — HIGH (7.8)

Vulnerability Description

p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. NOTE: the Supplier has found that this is not a buffer overflow; at most an out-of-bounds read can occur.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
7-Zip	P7Zip	16.02

Related Weaknesses (CWE)

CWE-787

References

https://sourceforge.net/p/p7zip/bugs/241/ExploitIssue TrackingThird Party Advisory
https://sourceforge.net/p/p7zip/bugs/241/ExploitIssue TrackingThird Party Advisory

FAQ

What is CVE-2022-47069?

CVE-2022-47069 is a vulnerability with a CVSS score of 7.8 (HIGH). p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. NOTE: the Supplier has found tha...

How severe is CVE-2022-47069?

CVE-2022-47069 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-47069?

Check the references section above for vendor advisories and patch information. Affected products include: 7-Zip P7Zip.