914736 – (CVE-2023-31102, CVE-2023-40481) app-arch/p7zip: multiple vulnerabilities

Bug 914736 (CVE-2023-31102, CVE-2023-40481) - app-arch/p7zip: multiple vulnerabilities

Summary: app-arch/p7zip: multiple vulnerabilities

Status:	CONFIRMED

Alias:	CVE-2023-31102, CVE-2023-40481

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://github.com/p7zip-project/p7zi...
Whiteboard:	B2 [upstream]
Keywords:

Depends on:
Blocks:

Reported:	2023-09-26 10:42 UTC by Maxxim
Modified:	2023-10-22 23:50 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Maxxim 2023-09-26 10:42:29 UTC

p7zip seems to be affected by two severe vulnerabilities that were discovered last month:

CVE-2023-40481
CVE-2023-31102

Further details:
https://github.com/p7zip-project/p7zip/issues/224

The issue mentioned above indicates that the vulnerabilities are currently unfixed (and not even being worked upon). It is unclear, however, which versions are affected.

Reproducible: Always