Researchers have discovered a critical vulnerability in 7-Zip, a popular file archiver utility used for compressing and decompressing files. This vulnerability, dubbed CVE-2023-40481, allows remote attackers to execute arbitrary code on affected installations of 7-Zip, requiring user interaction such as visiting a malicious page or opening a malicious file. The root cause of this vulnerability lies in the improper parsing of SquashFS (SQFS) files, leading to out-of-bounds write situations.
Exploit Details
The vulnerability arises from the lack of proper validation of user-supplied data while parsing SQFS files. This vulnerability was originally identified as ZDI-CAN-18589 before being assigned the CVE identifier CVE-2023-40481. By exploiting this flaw, an attacker can write past the end of an allocated buffer and, in turn, execute code in the context of the current process.
Here is a code snippet illustrating the issue within the SQFS file parsing function
void sqfs_parsing_function(input_data) {
...
// Parse header information from input_data
...
if (header_length < required_length) {
// Error, but no proper handling or validation
}
...
// Write of out-of-bounds buffer occurs here due to incorrect header_length value
memcpy(buffer + header_length, input_data, user_supplied_length);
...
}
As seen in the code snippet above, the lack of proper validation of the header_length variable can lead to buffer overflows.
Original References
For more technical details and an in-depth analysis of CVE-2023-40481, please check out the original research references:
- Zero Day Initiative (ZDI) Vulnerability Report
- CVE Details
Mitigation and Recommendations
While the 7-Zip team is working on resolving this vulnerability, it is highly recommended for users to take the following precautions:
Avoid downloading or opening SQFS files from untrusted sources.
3. Regularly check the 7-Zip official website for information on updates and patches related to this vulnerability.
Let's keep our cyber environment safe and secure by staying informed and vigilant about software vulnerabilities like CVE-2023-40481.
Timeline
Published on: 05/03/2024 03:15:21 UTC
Last modified on: 06/05/2024 20:02:31 UTC