Context Navigation

← Previous Ticket
Next Ticket →

#14867 closed enhancement (fixed)

Fix CVE-2021-3465 in p7zip

Reported by:	Douglas R. Reno	Owned by:	Douglas R. Reno
Priority:	elevated	Milestone:	11.0
Component:	BOOK	Version:	SVN
Severity:	normal	Keywords:
Cc:

Description

Additional information from Arch:

In p7zip 17.03, the function NCompress::CCopyCoder::Code in CPP/7zip/Common/StreamObjects.cpp will call outStream->Write where a memcpy uses a NULL pointer as destination address, leading to a crash.

https://github.com/jinfeihan57/p7zip/commit/295dac87f657de12f6165cb9d81404e079651a50

Change History (5)

comment:1 by Douglas R. Reno, 3 years ago

Priority:	normal → elevated

comment:2 by Douglas R. Reno, 3 years ago

Owner:	changed from blfs-book to Douglas R. Reno
Status:	new → assigned

I found a way to do these all via seds. They will be in my next commit.

comment:3 by Douglas R. Reno, 3 years ago

Resolution:	→ fixed
Status:	assigned → closed

Fixed at r24440

comment:4 by Douglas R. Reno, 3 years ago

The CVE has been withdrawn by the CNA, so I will not file a security advisory for this.

comment:5 by Bruce Dubbs, 3 years ago

Milestone:	10.2 → 11.0

Milestone renamed

Note: See TracTickets for help on using tickets.

Download in other formats: