A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.

The version of p7zip installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2016-9296 advisory.

  - A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer     check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in     CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and     a denial of service when decoding malformed 7z files. (CVE-2016-9296)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of 7-Zip installed on the remote Windows host is prior to 16.03. It is, therefore, affected by a denial of service (DoS) flaw due to a Null pointer dereference flaw.

Security fix for CVE-2016-9296

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

MITRE reports :

A NULL pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of NULL pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.

ID	Name	Product	Family	Severity
201659	CBL Mariner 2.0 Security Update: p7zip (CVE-2016-9296)	Nessus	MarinerOS Local Security Checks	high
109799	7-Zip < 16.03 NULL Pointer Dereference DoS	Nessus	Windows	high
95497	Fedora 24 : p7zip (2016-d4573a5c53)	Nessus	Fedora Local Security Checks	high
95487	Fedora 23 : p7zip (2016-1ca07cdcde)	Nessus	Fedora Local Security Checks	high
95419	FreeBSD : p7zip -- NULL pointer dereference (48e83187-b6e9-11e6-b6cf-5453ed2e2b49)	Nessus	FreeBSD Local Security Checks	high
95401	Fedora 25 : p7zip (2016-1637001349)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2016-9296

high

Tenable Plugins

high

high

high

high

high

high