Bug 2241001 (CVE-2023-40481)

Summary: CVE-2023-40481 p7zip: SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: kaycoth, rtillery
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
An out-of-bounds write vulnerability exists in p7zip that can lead to remote code execution on the victim's machine. This flaw allows an attacker to use a specially crafted file to trigger code execution, leading to a complete compromise of the system.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2241100, 2241101    
Bug Blocks: 2241005    

Description Guilherme de Almeida Suckevicz 2023-09-27 16:30:52 UTC 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the parsing of SQFS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

References:
https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
https://github.com/p7zip-project/p7zip/issues/224
Comment 2 Avinash Hanwate 2023-09-28 05:39:45 UTC 
Created p7zip tracking bugs for this issue:

Affects: epel-all [bug 2241100]
Affects: fedora-all [bug 2241101]