CVE-2023-40481 7-Zip SquashFS File Parsing Out-Of-Bounds Fix?
A free file archiver for extremely high compression
Brought to you by:
ipavlov
Hello,
After reading the ZDI security advisory on the CVE-2023-40481 vulnerability, ZDI indicates that the vulnerability is fixed and refers to the release note for version 23.00.
In the release blog there is no mention of out-of-bounds. Does version 23.00 really fix the CVE-2023-40481 vulnerability?
https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
Thank you for your reply
Yes, that bug was fixed in v23.00.
thanks for the reply :)
Hello Igor, can you share the details on the issue and the fix made?
Yes, it was fixed.
You can find changed lines in source code.
Can you please share information on whether old p7zip 16.02 is also affected by CVE-2023-40481? It would be great to see the particular commit/patch. Thank you!
I didn't check it.
For the patch we must use the same changes as in v23.01.
Yes, unfortunately there are a lot of changes to SquashfsHandler.cpp between 7zip-22.01 and 7zip-23.01. Some are probably unrelated, like C macro definitions and their use. Others, like using an unsigned variable in the vicinity of CHandler::GetPath() and CHandler::Open(), ... might be it. But it is not clear enough. Use of a source version control system would help a lot.
Thanks
Hi Igor, can you also share the issue and fix for CVE-2023-31102?
It was fixed too.
Now I don't want to disclose more details.