CVE-2023-52168 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-52168 PUBLISHED CVSS 8.399999618530273 HIGH

The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.

EPSS 0.10% · 28.6th percentile

Risk Scores

CVSS v3.1

8.399999618530273

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

EPSS Score

0.10%

28.6th percentile

Affected Products

Vendor	Product	Versions
ABB	ABB 800xA History <=7.0
ABB	ABB Production Response Batch History <=6.2
ABB	ABB 800xA for Symphony Plus Harmony <=6.2
ABB	ABB 800xA for AC 870P Melody <=6.2
ABB	ABB Application Change Management <=6.2
ABB	ABB Batch Management <=6.2

Timeline

Jul 3, 2024 CVE Published
Jul 4, 2024 EPSS Score
Jul 26, 2024 EPSS Score
Aug 16, 2024 EPSS Score
Sep 7, 2024 EPSS Score
Sep 29, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 20, 2024 EPSS Score
Nov 11, 2024 EPSS Score
Dec 4, 2024 EPSS Score
Dec 25, 2024 EPSS Score
Jan 16, 2025 EPSS Score

References

https://psirt.abb.com/csaf/2026/7paa023732.json advisory
https://search.abb.com/library/Download.aspx?DocumentID=7PAA023732&LanguageCode=en&DocumentPartId=&Action=Launch advisory
https://library.abb.com/d/3BDS011222D7000 advisory
https://library.abb.com/d/3BSE034463D7000 advisory
https://library.abb.com/d/3BSE037410D7000 advisory
https://library.abb.com/d/3BSE080520D7000 advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-52168 advisory

Open in Interactive Console →