Critical security bug found in 7-Zip

Newsfeed · May 10, 2018

Critical security bug found in 7-Zip

7-Zip has released a patch for a critical security bug (CVE-2018-10115) in the code which allows it to handle RAR files, Sophos reported.

The security researcher who found the bug, and developed a working exploit for it, has subsequently published his findings.

mercurial · May 10, 2018

Interesting. Junior developers should read this.

Bryn · May 10, 2018

Was worried for a moment, but I see it's nothing that would have affected me.

system32 · May 10, 2018

7-Zip still my go to app for compression.

Seems the issue is with unRAR code used by 7-Zip.

Good to see it patched.

sajunky · May 11, 2018

system32 said:
Seems the issue is with unRAR code used by 7-Zip.

From my understanding it was implementer's responsibility to initialise all variables.

According to the researcher, there were several uninitialised variables in the UnRAR code, as used by 7-Zip,

Join the MyBroadband community

Get started

Critical security bug found in 7-Zip

Newsfeed

MyBroadband Newsfeed

mercurial

MyBB Legend

Bryn

Doubleplusgood

system32

Executive Member

sajunky

Honorary Master