CVE-2023-31102: Integer Underflow and Invalid Read Operation Vulnerability in 7-Zip before 23.00

A newly discovered vulnerability labeled as CVE-2023-31102 has been identified in 7-Zip, a popular file archiver utility used for compressing and decompressing files. The vulnerability impacts 7-Zip versions before 23.00. It involves an integer underflow and an invalid read operation vulnerability, which can be exploited using a specifically crafted 7Z archive.

CVE-2023-31102 Vulnerability Details

Vulnerability classification: CWE-191 (Integer Underflow) and CWE-125 (Out-of-bounds Read)
Severity: Medium
Affected 7-Zip versions: Before 23.00
Affected Files: ppmd7.c

The vulnerability exists in the ppmd7.c file of 7-Zip, where an error occurs during the processing of certain 7Z archives. This error can lead to an integer underflow, followed by an invalid read operation, which may allow an attacker to gain unauthorized access to sensitive information or manipulate the application's memory.

To exploit this vulnerability, an attacker needs to generate a malicious 7Z archive with the capability to trigger the integer underflow error in the target system's 7-Zip app. When such a malicious 7Z archive is extracted or opened using the affected versions of 7-Zip, it may cause the application to behave unexpectedly and potentially compromise the target system.

Here is an example of the vulnerable code snippet in the ppmd7.c file

// ppmd7.c
UInt32 Range = pp->MinContext->FreqSum;
UInt32 hi_Unit_r = ;
UInt32 r = GetThreshold(pp, Range);
int i;
for (i = ; i < 260; i++) {
    hi_Unit_r += (++Freq)
    if (hi_Unit_r > r)
        break;
}

In the code snippet above, an issue arises when "i" becomes large, leading to an integer underflow and an invalid read operation.

- Vulnerability source (white-hat researchers)
- 7-Zip - official website
- 7-Zip changelog (Refer to the fixed version)

Mitigations and Recommendations

Users are encouraged to upgrade their 7-Zip version to 23.00 or above to fix this vulnerability. This can be done by downloading the latest version from the official 7-Zip website here. It is strongly recommended not to open or extract any unknown or suspicious 7Z archives to prevent potential exploitation of this vulnerability.

In conclusion, CVE-2023-31102 is a medium-severity integer underflow and invalid read operation vulnerability present in 7-Zip versions before 23.00. Users should update their 7-Zip application to the latest available version immediately and exercise caution when opening and extracting 7Z archives from unknown sources.

Timeline

Published on: 11/03/2023 04:15:20 UTC
Last modified on: 11/20/2023 00:15:06 UTC