| Title | Author | Created | Published | Tags |
|---|---|---|---|---|
| The 7-Zip Vulnerability Discovery (CVE-2024-11477) |
| January 16, 2025 | - | [[#issessions|#issessions]] |
7-Zip Security Bug Overview
Key Points:
- Software fuzzing revealed critical vulnerability in 7-Zip’s Zstandard decompression process
- Integer underflow occurs during decompression of malicious archives
- Allows attackers to execute arbitrary code on victim’s system when opening infected files
Impact:
- High severity rating with CVSS score of 7.8
- Requires user interaction to exploit
- Attack vectors vary based on system implementation
RCE Risk:
- Malicious actors can craft specially designed archive files to trigger the vulnerability
- When processed, these files can execute unauthorized code on the target machine
- No active exploits detected yet, but high potential for weaponization
Protection:
- Update to 7-Zip version 24.07 or later
- Avoid opening archives from untrusted sources