Opened 4 months ago

Closed 4 months ago

Last modified 4 months ago

#14867 closed enhancement (fixed)

Fix CVE-2021-3465 in p7zip

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: elevated Milestone: 10.2
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

Additional information from Arch:

In p7zip 17.03, the function NCompress::CCopyCoder::Code in CPP/7zip/Common/StreamObjects.cpp will call outStream->Write where a memcpy uses a NULL pointer as destination address, leading to a crash.

https://github.com/jinfeihan57/p7zip/commit/295dac87f657de12f6165cb9d81404e079651a50

Change History (4)

comment:1 by Douglas R. Reno, 4 months ago

Priority: normalelevated

comment:2 by Douglas R. Reno, 4 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

I found a way to do these all via seds. They will be in my next commit.

comment:3 by Douglas R. Reno, 4 months ago

Resolution: fixed
Status: assignedclosed

Fixed at r24440

comment:4 by Douglas R. Reno, 4 months ago

The CVE has been withdrawn by the CNA, so I will not file a security advisory for this.

Note: See TracTickets for help on using tickets.