CVE-2023-52168 — Vulnetix

CVE-2023-52168 PUBLISHED CVSS 8.399999618530273 HIGH

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.

EPSS 0.08% · 23.2th percentile

Risk Scores

CVSS 3.1

8.399999618530273

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

EPSS Score

0.08%

23.2th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB 800xA History <=7.0
ABB	ABB Production Response Batch History <=6.2
ABB	ABB 800xA for Symphony Plus Harmony <=6.2
ABB	ABB 800xA for AC 870P Melody <=6.2
ABB	ABB Application Change Management <=6.2
ABB	ABB Batch Management <=6.2

Exploit Intelligence

Timeline

Jul 3, 2024 CVE Published
Jul 4, 2024 EPSS Score
Jul 5, 2024 PoC Published
Jul 26, 2024 EPSS Score
Aug 17, 2024 EPSS Score
Sep 9, 2024 EPSS Score
Oct 1, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 23, 2024 EPSS Score
Nov 14, 2024 EPSS Score
Dec 7, 2024 EPSS Score
Dec 30, 2024 EPSS Score

References

https://psirt.abb.com/csaf/2026/7paa023732.json advisory
https://search.abb.com/library/Download.aspx?DocumentID=7PAA023732&LanguageCode=en&DocumentPartId=&Action=Launch advisory
https://library.abb.com/d/3BDS011222D7000 advisory
https://library.abb.com/d/3BSE034463D7000 advisory
https://library.abb.com/d/3BSE037410D7000 advisory
https://library.abb.com/d/3BSE080520D7000 advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-52168 advisory

Open in Interactive Console →