CVE-2023-31102 patch

A free file archiver for extremely high compression

Brought to you by: ipavlov

#498 CVE-2023-31102 patch

Milestone: None

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2023-09-19

Created: 2023-09-19

Creator: Paul Ezvan

Private: No

Hello 7-Zip maintainers,

Regarding CVE-2023-31102 which has been fixed by 7-Zip 23.00 release according to https://www.zerodayinitiative.com/advisories/ZDI-23-1165/ ,

I am trying to understand if CVE-2023-31102 also affects p7zip, an old port of 7-Zip to POSIX systems.

To help me find if it is the case, could you share the patch which addresses CVE-2023-31102 on the latest 7-Zip version? This would help me understand the affected code so I can check if this old port is affected as well.

Thanks!
Paul Ezvan

Discussion

Igor Pavlov - 2023-09-19

private: Yes --> No

Group: -->
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Igor Pavlov - 2023-09-19

p7zip 16.02 is not affected by CVE-2023-31102.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CVE-2023-31102 patch

A free file archiver for extremely high compression

Group

Searches

Help

#498 CVE-2023-31102 patch

Discussion