ET EXPLOIT 7-Zip 7z File PPMd Properties Parsing Integer Underflow (CVE-2023-31102)

SID: 2065690Rev: 14 viewsHistory

Sourceet/open

CreatedNovember 6, 2025

UpdatedNovember 6, 2025

Classificationmisc-attack

alert tcp any any -> $HOME_NET any (msg:"ET EXPLOIT 7-Zip 7z File PPMd Properties Parsing Integer Underflow (CVE-2023-31102)"; flow:established,to_client; file.magic; content:"7-zip archive"; startswith; file.data; content:"7z|bc af 27 1c 00 30 00 00|"; startswith; fast_pattern; pcre:"/\x30{24,}\x00\x30{24,}\x17\x06\x1a\x01/"; filesize:<10000; reference:url,ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102/; reference:cve,2023-31102; classtype:misc-attack; sid:2065690; rev:1; metadata:attack_target Client_Endpoint, created_at 2025_11_06, cve CVE_2023_31102, deployment Perimeter, deployment Internal, confidence Low, signature_severity Minor, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2025_11_06; target:dest_ip;)

References

url	ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102/
cve	2023-31102

Metadata

attack targetClient_Endpoint

created at2025_11_06

cveCVE-2023-31102

deploymentInternal

confidenceLow

signature severityMinor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2025_11_06

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!