The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that     allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are     presented as a part of a filename listed in the file system image. This has security relevance in some     known web-service use cases where untrusted users can upload files and have them extracted by a server-     side 7-Zip process. (CVE-2023-52169)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of 7-Zip installed on the remote Windows host is below 24.01. It is, therefore, affected by multiple vulnerabilities:

  - The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow     that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size:
    buffer+512*i-2, for i=9, i=10, i=11, etc. (CVE-2023-52168)

  - The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that     allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are     presented as a part of a filename listed in the file system image. This has security relevance in some     known web-service use cases where untrusted users can upload files and have them extracted by a     server-side 7-Zip process. (CVE-2023-52169)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-705 advisory.

    The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow     that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size:
    buffer+512*i-2, for i=9, i=10, i=11, etc. (CVE-2023-52168)

    The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that     allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are     presented as a part of a filename listed in the file system image. This has security relevance in some     known web-service use cases where untrusted users can upload files and have them extracted by a server-     side 7-Zip process. (CVE-2023-52169)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2625-1 advisory.

    - CVE-2023-52168: Fixed heap-based buffer overflow in the NTFS handler allows two bytes to be overwritten     at multiple offsets (bsc#1227358)
    - CVE-2023-52169: Fixed out-of-bounds read in NTFS handler (bsc#1227359)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2475-1 advisory.

    - CVE-2023-52168: Fixed heap-based buffer overflow in the NTFS handler allows two bytes to be overwritten     at multiple offsets (bsc#1227358)
    - CVE-2023-52169: Fixed out-of-bounds read in NTFS handler (bsc#1227359)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
226365	Linux Distros Unpatched Vulnerability : CVE-2023-52169	Nessus	Misc.	high
209231	7-Zip < 24.01 Heap-based Buffer Overflow	Nessus	Windows	high
205810	Amazon Linux 2023 : p7zip, p7zip-plugins (ALAS2023-2024-705)	Nessus	Amazon Linux Local Security Checks	high
204887	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : p7zip (SUSE-SU-2024:2625-1)	Nessus	SuSE Local Security Checks	high
202461	SUSE SLES12 Security Update : p7zip (SUSE-SU-2024:2475-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2023-52169

high

Tenable Plugins

high

high

high

high

high