VDB
ALPINE-CVE-2018-10115
ALPINE-CVE-2018-10115
PUBLISHED
CVSS 7.800000190734863 HIGH
Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Risk Scores
CVSS 3.0
7.800000190734863
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.17 | p7zip | 15.14.1-r0, 16.02-r1, 16.02-r2 |
| Alpine:v3.15 | p7zip | 9.04-r2, 9.38.1-r0, 9.38-r0 |
| Alpine:v3.6 | p7zip | 9.38.1-r0, 9.38-r0, 9.20.1-r2 |
| Alpine:v3.12 | p7zip | 9.04-r0, 0, 15.09-r0 |
| Alpine:v3.16 | p7zip | 0, 9.38.1-r0, 9.38-r0 |
| Alpine:v3.9 | p7zip | 0, 9.38.1-r0, 9.38-r0 |
| Alpine:v3.7 | p7zip | 4.65-r0, 15.09-r0, 15.14.1-r0 |
| Alpine:v3.5 | p7zip | 9.38-r0, 9.38.1-r0, 0 |
| Alpine:v3.8 | p7zip | 15.09-r0, 0, 9.38.1-r0 |
| Alpine:v3.10 | p7zip | 9.38.1-r0, 15.09-r0, 0 |
| Alpine:v3.11 | p7zip | 9.38.1-r0, 0, 15.09-r0 |
| Alpine:v3.14 | p7zip | 16.02-r2, 9.38.1-r0, 9.38-r0 |
| Alpine:v3.13 | p7zip | 9.20.1-r2, 9.38-r0, 15.09-r0 |
Exploit Intelligence
- zigpos-zimt-grype.html (github-poc)
Timeline
- May 2, 2018 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch