CVE-2026-48104
Heap OOB Read in 7-Zip SquashFS Handler
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| 7-zip | 7-zip | From 9.18 (inc) to 26.00 (inc) |
| 7-zip | 7-zip | 26.01 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-908 | The product uses or accesses a resource that has not been initialized. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
In 7-Zip 9.18 through 26.00, the uninitialized heap reads and out-of-bounds access in the SquashFS handler can cause a denial of service and may disclose heap contents. In a long-running GUI instance that heap can hold sensitive data such as passwords or file paths from earlier operations.
Disclosure of such data bears on data protection regulations like GDPR and HIPAA, which require personal and sensitive information to be protected against unauthorized access or leakage.
Organizations running affected versions therefore carry additional non-compliance risk if the flaw is exploited to expose such data; the exposure is heap-layout dependent and not reliably triggerable, which limits but does not remove that risk.
Can you explain this vulnerability to me?
The vulnerability is in the SquashFS archive handler of 7-Zip versions 9.18 through 26.00. Its root cause is an uninitialized heap read through a sparsely populated index array: the _blockToNode array is allocated with one slot for every metadata block, but only the slots for blocks that actually contain nodes are written. The remaining slots keep whatever the allocator left behind, because the buffer is not zero-initialized.
When OpenDir looks up an attacker-influenced blockIndex, it reads two adjacent slots and uses them as the lower and upper bounds of a binary search. If either slot was never written, the search runs over a bogus range and dereferences memory outside the node table without any check, and the index it returns can in turn cause a full node structure to be read from an out-of-bounds location. The result is a chained out-of-bounds read primitive whose behaviour depends on heap layout, so it is not reliably triggerable.
The bug fires simply by opening a crafted file; no further interaction is required. The impact is denial of service or information disclosure: there is no way to write or modify memory through this flaw. The issue was fixed in version 26.01.
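The two shapes described above, reduced to a schematic in C. This is an added illustration, not 7-Zip source and not the change made in 26.01 (the page does not show that diff): a table with one slot per metadata block, written only for populated blocks, and a lookup that takes two adjacent slots as binary-search bounds, next to a hardened variant that fills every slot and validates the index and the bounds before the search touches anything. All names (Node, kNodes, build_sparse_table, bounds_vulnerable, lookup_hardened) and the sample node table are invented for this example; the STALE fill stands in for leftover heap contents so the demo is deterministic rather than reading genuinely uninitialized memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define STALE 0x41414141u   /* simulates what the allocator left in unwritten slots */

typedef struct {
    uint32_t block;    /* metadata block the node lives in */
    uint32_t offset;   /* offset of the node inside that block */
} Node;

/* Constructed sample node table, sorted by (block, offset). Blocks 1 and 4 are empty. */
static const Node kNodes[] = { {0, 0}, {0, 96}, {2, 16}, {2, 128}, {3, 8} };
enum { NUM_NODES = sizeof kNodes / sizeof kNodes[0], NUM_BLOCKS = 5 };

typedef struct { uint32_t lo, hi; } Range;

/* Vulnerable shape: one slot per block plus an end slot, written only for blocks
 * that have nodes. The STALE pre-fill is a simulation; real code would leave the
 * malloc'd memory as is. */
static uint32_t *build_sparse_table(void) {
    uint32_t *t = malloc((NUM_BLOCKS + 1) * sizeof *t);
    if (!t) abort();
    for (uint32_t b = 0; b <= NUM_BLOCKS; b++) t[b] = STALE;
    for (size_t i = 0; i < NUM_NODES; i++)
        if (i == 0 || kNodes[i - 1].block != kNodes[i].block)
            t[kNodes[i].block] = (uint32_t)i;   /* first node of a populated block */
    t[NUM_BLOCKS] = NUM_NODES;                  /* end bound for the last block */
    return t;
}

/* Vulnerable bounds lookup: no check that block < NUM_BLOCKS, and no way to tell
 * a written slot from a stale one. A binary search driven by a stale hi would
 * index kNodes[] far past its end. */
static Range bounds_vulnerable(const uint32_t *t, uint32_t block) {
    Range r = { t[block], t[block + 1] };
    return r;
}

/* Hardened shape: every slot gets a value, so block b's range is
 * [first node at or after b, first node at or after b + 1), empty or not. */
static uint32_t *build_dense_table(void) {
    uint32_t *t = malloc((NUM_BLOCKS + 1) * sizeof *t);
    if (!t) abort();
    size_t i = 0;
    for (uint32_t b = 0; b <= NUM_BLOCKS; b++) {
        while (i < NUM_NODES && kNodes[i].block < b) i++;
        t[b] = (uint32_t)i;
    }
    return t;
}

/* Hardened lookup: reject an out-of-range block index and reject bounds that do
 * not describe a valid slice of kNodes[] before anything is dereferenced.
 * Returns the node index, or -1 if no node matches. */
static int lookup_hardened(const uint32_t *t, uint32_t block, uint32_t offset) {
    if (block >= NUM_BLOCKS) return -1;
    uint32_t lo = t[block], hi = t[block + 1];
    if (lo > hi || hi > NUM_NODES) return -1;
    while (lo < hi) {
        uint32_t mid = lo + (hi - lo) / 2;
        if (kNodes[mid].offset < offset) lo = mid + 1; else hi = mid;
    }
    if (lo < NUM_NODES && kNodes[lo].block == block && kNodes[lo].offset == offset)
        return (int)lo;
    return -1;
}

/* Single-call wrappers for each scenario. */
static uint32_t vulnerable_hi_for_block(uint32_t block) {
    uint32_t *t = build_sparse_table();
    uint32_t hi = bounds_vulnerable(t, block).hi;
    free(t);
    return hi;
}

static int hardened_lookup(uint32_t block, uint32_t offset) {
    uint32_t *t = build_dense_table();
    int idx = lookup_hardened(t, block, offset);
    free(t);
    return idx;
}

int main(void) {
    /* Block 0 is populated, but its upper bound comes from the slot of empty block 1. */
    printf("vulnerable: hi bound for block 0 = 0x%08x (stale slot)\n", vulnerable_hi_for_block(0));
    printf("hardened: node (2,128) -> %d, empty block 1 -> %d, block 7 -> %d\n",
           hardened_lookup(2, 128), hardened_lookup(1, 0), hardened_lookup(7, 0));
    return 0;
}
```

The point of the sparse layout is that even a legitimate block can get a garbage upper bound when its neighbour is empty, so initializing the buffer alone is not enough: the lookup must also refuse indices past the table and bounds that do not lie within the node array.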
How can this vulnerability impact me?
Opening a specially crafted SquashFS archive with an affected 7-Zip can crash the process (denial of service) through a wild-pointer dereference that follows from the out-of-bounds reads.
It may also disclose heap contents, allowing an attacker to read whatever sensitive data the process holds in memory. It does not allow an attacker to write or modify memory, so on its own it is not a code-execution bug.
What immediate steps should I take to mitigate this vulnerability?
Update 7-Zip to version 26.01 or later, which fixes the flaw present in 9.18 through 26.00. Until that is done, treat SquashFS images from untrusted sources as hostile and do not open them with an affected build. Note that 7-Zip is also redistributed inside other software (as 7z.dll or statically linked code); such embedded copies are only fixed when their own vendor ships an update.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The flaw is triggered when an affected 7-Zip (9.18 through 26.00) opens a crafted SquashFS image, so detection comes down to two things: finding vulnerable installations, and watching for SquashFS files reaching hosts that run them.
To check the installed version, run the command-line binary with no arguments; the first line of output is a banner that carries the version, e.g. "7-Zip 23.01 (x64) : Copyright (c) 1999-2023 Igor Pavlov : 2023-06-20".
- On Windows, the install directory is not on PATH by default, so run "C:\Program Files\7-Zip\7z.exe". For GUI-only installs the file version of 7z.dll or 7zFM.exe in that directory (Properties > Details in Explorer) reports the same number.
- On Linux or Unix-like systems, run 7zz for the official 7-Zip builds, or 7z / 7za / 7zr for the p7zip packaging. p7zip is built from the 16.02 source tree, which falls inside the affected range; this page does not state whether that fork carries the flaw, so treat it as suspect until confirmed.
A reported version between 9.18 and 26.00 inclusive is affected.
For exploitation attempts, no signature is provided in the available resources. SquashFS images can be recognized by content rather than name: the magic bytes are "hsqs" at offset 0 for little-endian images and "sqsh" for big-endian ones, whatever the extension (.squashfs, .sqsh, .sfs, or a firmware image). 7-Zip chooses its handler by signature, so renaming does not keep the SquashFS handler out of the loop. Because the bug fires inside the archive Open() path, an unexpected SquashFS image arriving by mail or download and then opened with 7-Zip, including by automated extraction or scanning pipelines that wrap 7-Zip, is the event to alert on, and a crash of 7z.exe, 7zFM.exe, or a process hosting 7z.dll while handling such a file (on Windows, an Application log Event ID 1000 naming that module) is worth correlating with it.