CVE-2018-10115
N/A
N/A
Summary
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/
- http://www.securitytracker.com/id/1040832
- http://www.securityfocus.com/bid/104132
- https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
References
- https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/
- http://www.securitytracker.com/id/1040832
- http://www.securityfocus.com/bid/104132
- https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.