Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Weakness
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| 7-zip | 7-zip | * | 18.03 (including) |
| P7zip-rar | Ubuntu | artful | * |
| P7zip-rar | Ubuntu | bionic | * |
| P7zip-rar | Ubuntu | cosmic | * |
| P7zip-rar | Ubuntu | esm-apps/xenial | * |
| P7zip-rar | Ubuntu | trusty | * |
| P7zip-rar | Ubuntu | xenial | * |
Potential Mitigations
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, in Java, if the programmer does not explicitly initialize a variable, then the code could produce a compile-time error (if the variable is local) or automatically initialize the variable to the default value for the variable’s type. In Perl, if explicit initialization is not performed, then a default value of undef is assigned, which is interpreted as 0, false, or an equivalent value depending on the context in which the variable is accessed.
Related Attack Patterns
References
- http://www.securityfocus.com/bid/104132
- http://www.securitytracker.com/id/1040832
- https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
- https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/
- http://www.securityfocus.com/bid/104132
- http://www.securitytracker.com/id/1040832
- https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
- https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/