Article No° | Product Name | Affected Version(s) |
---|---|---|
Boost | <= V16.5 | |
FAB-Boost mixed installation | <= V22.7 | |
FAB (Storage) | <= V22.7 | |
Oseon-Boost mixed installation | <= V3.5 | |
Oseon (Storage) | <= V3.2 | |
TruTops Cell | <= V2.31.0 | |
TruTops Classic | <= V12.1 | |
TruTops Mark | <= V6.2 |
Under certain circumstances, opening a specially crafted 7-zip package can exploit an integer
underflow vulnerability in 7-zip versions up to and including 22.x
This vulnerability allows for a remote code execution, resulting in unauthorized (remote) access to,
change of data or disruption of the whole service.
Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid read operation via a crafted 7Z archive.
The stated TRUMPF products include a vulnerable version of 7-zip which can be exploited to take over
the server they’re installed on. This can impact confidentiality, integrity and availability of information on
the affected system.
Please download the replacement tool (LINK).
For additional questions please contact your TRUMPF Service with the PR number 501709.
CERT@VDE coordinated with TRUMPF