CVE-2023-31102

7.8 HIGH (CVSS 3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: local attack vector, no privileges, user interaction required)

📋 TL;DR

This vulnerability in 7-Zip's PPMd7 decoder (Ppmd7.c, the PPMd var.H implementation used for PPMd-compressed streams inside 7z archives) lets an attacker craft a 7Z archive that triggers an integer underflow during decoding, which in turn causes an invalid memory read. The publicly described effect is the invalid read; in practice that is a crash of the extracting process, and possibly memory disclosure or code execution depending on what the out-of-bounds read reaches. The victim (or an unattended process) has to open, list or extract the archive with a vulnerable build. All 7-Zip releases before 23.00 (22.01 and earlier) are affected.

💻 Affected Systems

Products:
  • 7-Zip
Versions: All releases before 23.00 (22.01 and earlier)
Operating Systems: Windows, Linux, macOS. The official 7zz command-line builds and third-party ports that vendor the same Ppmd7.c (p7zip, for example) should be treated as affected until confirmed updated.
Default Config Vulnerable: ⚠️ Yes (the PPMd decoder cannot be switched off)
Notes: Affects the GUI front ends (7zFM.exe, 7zG.exe, the Explorer shell extension) and the command-line tools (7z.exe, 7zz) alike, because they share the same library. Any product that bundles 7z.dll or the 7-Zip source carries the same bug and needs its own vendor update; patching the standalone 7-Zip install does not fix those copies.

📦 What is this software?

7-Zip is a free, open-source file archiver by Igor Pavlov. It is primarily a Windows application (the 7-Zip File Manager, an Explorer shell extension and the 7z.exe command-line tool) with official command-line builds for Linux and macOS (7zz). Its native 7z format supports several compression methods; PPMd is one of them, so any 7z archive that uses it is decoded by the vulnerable Ppmd7 code as soon as 7-Zip opens or extracts it.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the 7-Zip process, potentially leading to full system compromise if running with elevated privileges.

🟠

Likely Case

Application crash (denial of service) or limited information disclosure through memory reads.

🟢

If Mitigated

No impact if proper controls prevent processing of untrusted archives or if patched version is used.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious archive, but common in file sharing scenarios.
🏢 Internal Only: MEDIUM - Internal users could be tricked into opening malicious archives via phishing or shared drives.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

A proof-of-concept is listed in the public references. Exploitation needs no credentials, but it is not remote in the network sense: a user, or an unattended process such as a mail gateway, backup or file-ingestion job, must open or extract the crafted archive with a vulnerable build.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 23.00 and later

Vendor Advisory: https://www.7-zip.org/download.html

Restart Required: No. Close any open 7-Zip windows before installing; on Windows the installer also replaces the Explorer shell extension, so if it reports files in use, sign out or reboot to complete the replacement.

Instructions:

1. Download 7-Zip 23.00 or later from the official website (on Linux/macOS, the official 7zz build from the same page, or the distribution package if it carries the fix).
2. Run the installer (or unpack the 7zz archive over the old binary).
3. Follow the installation prompts.
4. Verify the version in Help > About, or from the command-line banner, on every 7-Zip binary present on the host.

🔧 Temporary Workarounds

Disable PPMd compression handling

windows

Not a usable workaround: 7-Zip exposes no registry or configuration setting that disables the PPMd decoder, so any 7z archive using PPMd is still decoded by the vulnerable code.

Use alternative archive tools

all

Temporarily open untrusted archives with other software until 7-Zip is patched. Check first that the alternative does not bundle 7-Zip's own code (7z.dll or Ppmd7.c); many third-party archivers and backup tools do, and those carry the same bug.

🧯 If You Can't Patch

  • Application allow-listing that blocks 7z.exe, 7zG.exe and 7zFM.exe (and the 7-zip.dll shell extension) from running on hosts that cannot be updated
  • Network and mail filtering that blocks .7z attachments and downloads from untrusted sources. This is extension-based, so a renamed archive or one nested inside another container gets through, and it does nothing for archives that arrive over shared drives or removable media
  • Do not let unattended services (mail gateways, backup or ingestion jobs) extract untrusted archives with a vulnerable 7-Zip build

🔍 How to Verify

Check if Vulnerable:

Read the installed version: Help > About in the 7-Zip File Manager, or run the command-line binary with no arguments and read the first line of its banner, e.g. "7-Zip 22.01 (x64) : Copyright (c) 1999-2022 Igor Pavlov : 2022-07-15". Anything below 23.00 is vulnerable.

Check Version:

Windows: 7z | findstr /B "7-Zip" (if 7z.exe is not on PATH, use PowerShell: (Get-Item "$env:ProgramFiles\7-Zip\7z.dll").VersionInfo.ProductVersion)
Linux/macOS: 7zz | head -n 2 (or 7z | head -n 2 for a port). Official builds do not print the word "Version" anywhere in the banner, so grep Version only works for p7zip, which adds a "p7zip Version 16.02 ..." line.

Verify Fix Applied:

Confirm the reported version is 23.00 or higher on every 7-Zip binary present (7z.exe, 7zFM.exe, 7zz). Side-by-side installs, portable copies and bundled 7z.dll files can leave an old build behind after the main install is updated.
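The version check above, done programmatically for a fleet script. This is an added example for this advisory, not code from the 7-Zip project. It assumes the binary prints a banner whose first line starts with "7-Zip" followed by MAJOR.MINOR (official 7zz/7za/7zr builds insert "(z)", "(a)" or "(r)" after "7-Zip", p7zip inserts "[64]"); the candidate binary names and the Windows install path are common defaults chosen here, not values from the advisory.

```python
"""Decide whether an installed 7-Zip build predates the 23.00 fix for CVE-2023-31102.

Added example; not 7-Zip project code. Banner format and binary names are assumptions
(see the lead-in), based on the banners the common builds print.
"""
import os
import re
import shutil
import subprocess

FIXED_VERSION = (23, 0)  # first release that contains the fix

# "7-Zip", optional "(z)"/"(a)"/"(r)", optional "[64]", then MAJOR.MINOR.
BANNER_RE = re.compile(r"^7-Zip(?:\s+\([azr]\))?(?:\s+\[\d+\])?\s+(\d+)\.(\d+)")

# Assumed candidate binaries: names on PATH plus the default Windows install path.
CANDIDATES = [
    "7z", "7zz", "7za", "7zr",
    os.path.join(os.environ.get("ProgramFiles", r"C:\Program Files"), "7-Zip", "7z.exe"),
]


def parse_version(banner):
    """Return (major, minor) from the banner text, or None if no banner line is found."""
    for line in banner.splitlines():
        m = BANNER_RE.match(line.strip())
        if m:
            return int(m.group(1)), int(m.group(2))
    return None


def is_vulnerable(version):
    """True for any release before 23.00 (22.01, 16.02, 9.20, ...)."""
    return tuple(version) < FIXED_VERSION


def probe(binary):
    """Run the binary with no arguments and return its parsed version, or None if absent."""
    path = binary if os.path.isabs(binary) else shutil.which(binary)
    if not path or not os.path.exists(path):
        return None
    try:
        proc = subprocess.run([path], capture_output=True, text=True, timeout=10)
    except (OSError, subprocess.SubprocessError):
        return None
    # The banner goes to stdout; merge stderr in case a port prints it there.
    return parse_version(proc.stdout + proc.stderr)


def audit(binaries=CANDIDATES):
    """Map each binary that was found to (version, vulnerable)."""
    results = {}
    for name in binaries:
        version = probe(name)
        if version is not None:
            results[name] = (version, is_vulnerable(version))
    return results


if __name__ == "__main__":
    found = audit()
    if not found:
        print("no 7-Zip binary found")
    for name, (ver, vuln) in found.items():
        status = "VULNERABLE (< 23.00)" if vuln else "fixed"
        print("%s: %d.%02d -> %s" % (name, ver[0], ver[1], status))
```

The comparison is done on (major, minor) integer tuples rather than on the string, so 22.01 sorts below 23.00 and 9.20 is not mistaken for a newer build than 9.3. A bundled 7z.dll inside another product is not covered by this check; inspect that product's own files.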

📡 Detection & Monitoring

Log Indicators:

  • Windows Application log, Event ID 1000 (source "Application Error") with faulting application 7z.exe, 7zG.exe or 7zFM.exe, or faulting module 7z.dll. An exception code of 0xc0000005 (access violation) is consistent with the invalid read this bug causes
  • Crashes of other processes whose faulting module is 7z.dll, which points at a bundled copy of the library rather than the standalone install
  • On Linux, "segfault at ..." kernel log lines or coredump entries for 7z/7zz
  • Repeated extraction failures or crashes on the same archive across several hosts, which suggests a shared malicious file

Network Indicators:

  • Downloads of .7z files from suspicious sources (weak on its own: a PPMd-compressed archive is indistinguishable from a benign one at the network layer)

SIEM Query:

EventID=1000 Source="Application Error" (ProcessName=7z*.exe OR FaultingModule=7z.dll)

Field names above are illustrative; map them to whatever your SIEM extracts from the event's "Faulting application name" and "Faulting module name" strings.
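The same triage logic as the query above, run over sample event records. This is an added example for this advisory, not 7-Zip project code and not a vendor detection rule. The event records are constructed for illustration, modelled on the fields Windows writes into an Event ID 1000 message (faulting application name, faulting module name, exception code); the hostnames, process names, versions, timestamps and offsets in them are made up.

```python
"""Triage Windows 'Application Error' (Event ID 1000) records for 7-Zip crashes.

Added example; not 7-Zip project code. SAMPLE_EVENTS is constructed telemetry, not real logs.
"""
import re

# Constructed sample events (not real telemetry). Message text mimics the Event ID 1000 layout.
SAMPLE_EVENTS = [
    {"host": "WS-17", "EventID": 1000, "Source": "Application Error",
     "Message": ("Faulting application name: 7zFM.exe, version: 22.1.0.0, time stamp: 0x62d0b9a1\n"
                 "Faulting module name: 7z.dll, version: 22.1.0.0, time stamp: 0x62d0b9b0\n"
                 "Exception code: 0xc0000005\n"
                 "Faulting application path: C:\\Program Files\\7-Zip\\7zFM.exe")},
    {"host": "WS-17", "EventID": 1000, "Source": "Application Error",
     "Message": ("Faulting application name: someapp.exe, version: 5.2.0.0, time stamp: 0x647a1c10\n"
                 "Faulting module name: someapp.dll, version: 5.2.0.0, time stamp: 0x647a1c30\n"
                 "Exception code: 0xc0000005\n"
                 "Faulting application path: C:\\Program Files\\SomeApp\\someapp.exe")},
    {"host": "SRV-BACKUP", "EventID": 1000, "Source": "Application Error",
     "Message": ("Faulting application name: backupagent.exe, version: 3.4.1.0, time stamp: 0x63a0ffe1\n"
                 "Faulting module name: 7z.dll, version: 19.0.0.0, time stamp: 0x5c5f01a2\n"
                 "Exception code: 0xc0000005\n"
                 "Faulting application path: C:\\Program Files\\BackupAgent\\backupagent.exe")},
    {"host": "WS-03", "EventID": 1000, "Source": "Application Error",
     "Message": ("Faulting application name: 7z.exe, version: 22.1.0.0, time stamp: 0x62d0b9a1\n"
                 "Faulting module name: 7z.exe, version: 22.1.0.0, time stamp: 0x62d0b9a1\n"
                 "Exception code: 0xc0000409\n"
                 "Faulting application path: C:\\Program Files\\7-Zip\\7z.exe")},
    {"host": "WS-03", "EventID": 1001, "Source": "Windows Error Reporting",
     "Message": "Fault bucket 1234, type 4\nEvent Name: APPCRASH\nResponse: Not available"},
]

FIELD_RE = {
    "app": re.compile(r"Faulting application name:\s*([^,\r\n]+)", re.I),
    "module": re.compile(r"Faulting module name:\s*([^,\r\n]+)", re.I),
    "exception": re.compile(r"Exception code:\s*(0x[0-9a-f]+)", re.I),
}
SEVENZIP_EXE = re.compile(r"^7z\w*\.exe$", re.I)  # 7z.exe, 7zG.exe, 7zFM.exe (the query's 7z*.exe)
SEVENZIP_DLL = re.compile(r"^7z\.dll$", re.I)     # the library other products may bundle
ACCESS_VIOLATION = "0xc0000005"                   # matches an invalid read


def parse_event(event):
    """Pull the faulting app, module and exception code out of the message text."""
    msg = event.get("Message", "")
    fields = {}
    for key, rx in FIELD_RE.items():
        m = rx.search(msg)
        fields[key] = m.group(1).strip() if m else ""
    return fields


def classify(event):
    """Return an alert dict for a 7-Zip-related crash, or None for anything else."""
    if event.get("EventID") != 1000 or event.get("Source") != "Application Error":
        return None
    f = parse_event(event)
    if SEVENZIP_EXE.match(f["app"]):
        reason = "7-Zip process crashed"
    elif SEVENZIP_DLL.match(f["module"]):
        reason = "third-party process crashed inside the 7-Zip library"
    else:
        return None
    # An access violation in 7-Zip code is what this bug produces; other codes still matter.
    severity = "high" if f["exception"].lower() == ACCESS_VIOLATION else "medium"
    return {"host": event.get("host"), "app": f["app"], "module": f["module"],
            "exception": f["exception"], "severity": severity, "reason": reason}


def triage(events):
    """Return alerts, in input order, for every event that classify() flags."""
    return [a for a in (classify(e) for e in events) if a]


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print("%(severity)s %(host)s %(app)s in %(module)s (%(exception)s): %(reason)s" % alert)
```

Matching on the faulting module as well as the process name is what catches the third case above (a backup agent crashing inside its own bundled 7z.dll), which the process-name-only query would miss. Follow an alert by recovering the archive the process was handling; a single crash is not proof of exploitation, but a crash in 7z.dll on a PPMd-compressed 7z file from outside the organisation deserves a look.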

🔗 References

  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2023-31102
  • Vendor download page: https://www.7-zip.org/download.html
  • Vendor change history: https://www.7-zip.org/history.txt
