Vulnerabilities (CVE-2023-40481, CVE-2023-31102) in 7-ZIP; fixed in version 23.00 (August 2023)

Gandalf_The_Grey

Level 75
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,446
A short update from the end of August 2023. Security researchers have found two vulnerabilities in the 7-Zip program, which is used to pack and unpack ZIP archive files. The vulnerabilities CVE-2023-40481 and CVE-2023-31102 are classified as high-risk from a security perspective. Attackers could possibly elevate privileges.
Both vulnerabilities were reported to the 7-ZIP developers on November 21, 2022 and were closed (according to Zero Day Initiative from August 23, 2023) with an update of the software to version 23.00 (at that time still beta). Thus, anyone using the program should update to the newest version. Currently version 23.01 is offered for download.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top