Overview
- Description: 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.
- Source: zdi-disclosures@trendmicro.com
- NVD status: Received
Risk scores
CVSS 3.0
- Type: Secondary
- Base score: 7.8
- Impact score: 5.9
- Exploitability score: 1.8
- Vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
Weaknesses
- zdi-disclosures@trendmicro.com: CWE-191
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
A new vulnerability with the identifier CVE-2024-11477 has been published for the 7-Zip archiving tool. This vulnerability is of the RCE type and allows hackers to execute code remotely. The score of this vulnerability is 7.8, and all versions before 24.07 are affected by it. https://t.co/Poz3aKY03t
@AmirHossein_sec
2 Dec 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-38063 2 - CVE-2023-50428 3 - CVE-2024-10924 4 - CVE-2024-11477 5 - CVE-2024-44308 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Dec 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2024-11477) has been identified in 7-Zip's Zstandard decompression, allowing remote code execution. Users are urged to update to version 24.07 or later to mitigate this risk. https://t.co/j0ezysErCU
@GhostShaman
2 Dec 2024
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477 7Zip Code Execution Writeup and Analysis https://t.co/PqGkgv1WZK
@S0ufi4n3
1 Dec 2024
1939 Impressions
3 Retweets
19 Likes
9 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-0012 2 - CVE-2023-28205 3 - CVE-2024-52443 4 - CVE-2024-49019 5 - CVE-2024-11477 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
1 Dec 2024
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#AllertaSicurezza: A critical vulnerability has been discovered in the 7-Zip compression software! Classified as high risk (CVE-2024-11477, CVSS 7.8), the flaw concerns the processing of files with the Zstandard algorithm. It could allow hackers to execute… https://
@cyber_net_now
30 Nov 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-49019 2 - CVE-2024-11477 3 - CVE-2024-49040 4 - CVE-2024-47208 5 - CVE-2024-10524 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
30 Nov 2024
74 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
GitHub - TheN00bBuilder/cve-2024-11477-writeup: CVE-2024-11477 7Zip Code Execution Writeup and Analysis - https://t.co/W8Uz3h3zfx
@piedpiper1616
29 Nov 2024
2542 Impressions
27 Retweets
37 Likes
24 Bookmarks
0 Replies
0 Quotes
Spent some time researching CVE-2024-11477, the new #7zip #CVE and made a writeup about my work on it. Let me know what you think! https://t.co/JJcfjXaPUF
@SuperN00by
29 Nov 2024
6568 Impressions
33 Retweets
67 Likes
53 Bookmarks
5 Replies
1 Quote
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. (CVE-2024-11477)
@shellnotfound
28 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 🚨 🚨Important update: Serious vulnerability in 7-Zip (CVE-2024-11477): it allows execution of malicious code through crafted files. ⚠️ CVSS score: 7.8. 🔒 Update NOW to version 24.07 or later to protect your system. https://t.co/tsArYsny6j
@MEnfrentadas
28 Nov 2024
232 Impressions
2 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical #security #vulnerability (CVE-2024-11477) has been disclosed in the file archiving tool 7-Zip, allowing attackers to execute arbitrary code remotely. #Cybersecurity #infosec https://t.co/MffLxvWpml https://t.co/yn7ZfSDPuj
@twelvesec
27 Nov 2024
102 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A newly discovered vulnerability in 7-Zip, a widely used file compression utility, has raised significant cybersecurity concerns. Tracked as CVE-2024-11477, this flaw allows attackers to execute malicious code through specially crafted archive files. Watch the video till the…
@FORTBRIDGE
26 Nov 2024
92 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
So I spent some time trying to make a video about CVE-2024-11477, a vulnerability in 7-zip. This led me down a wild rabbit hole of patch diffing, software fuzzing, and ultimately crashing 7-zip over 4000 times. Check it out.
@LowLevelTweets
26 Nov 2024
132 Impressions
1 Retweet
7 Likes
0 Bookmarks
1 Reply
0 Quotes
A new vulnerability has been discovered in the 7-Zip archiver that could allow attackers to run malicious code on your computer. The problem lies in the Zstandard decompression component and has already received the official identifier CVE-2024-11477: https://t.co/0CwveaiDdS #7Zip #ИБ
@infosecmedia_
26 Nov 2024
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 7-Zip Security Hole (CVE-2024-11477) 🚨 There is a bug in the Zstandard decompression function (CVSS 7.8) that hackers can exploit to run malicious code through modified files. Update to version 24.07+ right away to stay safe! #KeamananSiber #7Zip https://t.co/oKMuJP38LY
@anvie
26 Nov 2024
5131 Impressions
40 Retweets
163 Likes
30 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477: it's a little funny that it's titled '7-Zip Zstandard Decompression Integer Underflow "Remote" Code Execution Vulnerability' and yet the Attack Vector (AV) is Local. Taking into account how it's used as an archiver? https://t.co/U1uyYFgxn5
@ymzkei5
26 Nov 2024
374 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/701SFKSBkY
@turne85540
26 Nov 2024
53 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477 - looks like a signedness issue in the Zstd Decoder
@mistymntncop
25 Nov 2024
3566 Impressions
2 Retweets
24 Likes
8 Bookmarks
2 Replies
0 Quotes
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/1wmwjbjkZ8
@N0tus3rF0und
25 Nov 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Security] RCE exploit CVE-2024-11477 discovered in 7Zip. The well-known open source decompression software 7Zip has a critical RCE exploit in its decompression system https://t.co/U8n4F1J6BX Author: SaoriYuki
@SwitchTools
25 Nov 2024
1937 Impressions
1 Retweet
19 Likes
3 Bookmarks
0 Replies
1 Quote
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/U0VMv6HJSU
@daisuke
25 Nov 2024
49 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2024-11477) in 7-Zip enables remote code execution due to insufficient validation of user-supplied data. ⚠️ #cybersecurity #vulnerability #7Zip https://t.co/Uc4zsjQQll https://t.co/Uc4zsjQQll
@_CyberMaster
25 Nov 2024
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Attention 7-Zip users! A critical vulnerability (CVE-2024-11477) has been discovered that may allow the execution of malicious code when opening compromised files. It is recommended to update to the latest version (24.07 or higher). #Security #MandatoryUpdate #7Zip https://t.co/
@zumuha
25 Nov 2024
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ 7-Zip RCE Vulnerability CVE-2024-11477: CVE-2024-11477: An integer underflow vulnerability in 7-Zip’s Zstandard decompression function (CVSS 7.8) allows attackers to execute malicious code. ❕ Users are advised to update to 7-Zip version 24.07 or later.
@cyberthreatzip
25 Nov 2024
21 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability CVE-2024-11477 in 7Zip https://t.co/z54lJ11Bxd
@vulnerbyte
25 Nov 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
😮 CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/5zHy9AilKm via @the_yellow_fall
@FutureITPro20xx
25 Nov 2024
7 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477: Critical Flaw in 7-Zip Allows Hackers to Take Control A vulnerability has been discovered in the 7-Zip file compression tool, enabling attackers to remotely execute malicious code through specially crafted archives https://t.co/8wdaEVGJOW #CyberSecurity #7zip…
@S0fianeHamlaoui
25 Nov 2024
159 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! Hatena Bookmark: New in Technology https://t.co/6wDV9fMSLG
@mohritaroh
25 Nov 2024
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477: Critical Flaw in 7-Zip Allows Hackers to Take Control A vulnerability has been discovered in the 7-Zip file compression tool, enabling attackers to remotely execute malicious code through specially crafted archives https://t.co/CVQekrwGtG
@the_yellow_fall
25 Nov 2024
415 Impressions
6 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-46938 2 - CVE-2024-37397 3 - CVE-2024-42477 4 - CVE-2024-11477 5 - CVE-2024-0012 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
25 Nov 2024
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A high-severity vulnerability (CVE-2024-11477) has been found in 7-Zip that allows attackers to execute malicious code remotely. It was found by Nicholas Zubrisky of the Trend Micro team and relates to the Zstandard decompression functionality. It is recommended that you update 7-Zip to version 24.07 or later. http
@2soroushahmadi
25 Nov 2024
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
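[Link roundup: security-related news/articles for November 22–25] <Vulnerabilities> ・CVE-2024-9511 (CVSS 9.8): Critical flaw in the FluentSMTP plugin puts more than 300,000 WordPress sites at risk of takeover https://t.co/YcHjmSp1X8 ・CVE-2024-11477: 7-Zip vulnerability makes remote code execution possible… https://t.co/TmuGmvuZCB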
@MachinaRecord
25 Nov 2024
169 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Vulnerability in 7-Zip A high-risk flaw (CVE-2024-11477) has been found in 7-Zip, allowing attackers to execute malicious code via crafted archives. With a CVSS score of 7.8, users should update immediately to stay protected. #CyberSecurity #7Zip #Vulnerability htt
@cyraxsecurity
25 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/nnl1BNzN2N via @the_yellow_fall
@manatee_sn
25 Nov 2024
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
If you've gone and installed 7-Zip on your PC, make sure to apply the latest version / CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/DW6iHkaPLN #bookmark — 量産型IGALOG (@igaos) Nov 25, 2024 November 25, 2024 at 02:14PM… https://t.co/0WFsKkUa05
@igaos
25 Nov 2024
77 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/VZztOC0LCS
@ohhara_shiojiri
25 Nov 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
If you've gone and installed 7-Zip on your PC, make sure to apply the latest version / CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/DW6iHkaPLN #bookmark
@igaos
25 Nov 2024
113 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution https://t.co/7WTVH56NzT
@Dinosn
25 Nov 2024
42307 Impressions
253 Retweets
783 Likes
282 Bookmarks
6 Replies
9 Quotes
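Remote code execution vulnerability in 7-Zip. CVE-2024-11477 has a CVSS score of 7.8 and may be triggered when a crafted archive is opened. An integer underflow during Zstd decompression. Fixed in version 24.04. https://t.co/hSZe8XutDI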
@__kokumoto
25 Nov 2024
34890 Impressions
370 Retweets
533 Likes
117 Bookmarks
0 Replies
11 Quotes
7-Zip Vulnerability Allows Remote Code Execution, Update Now! 7-Zip vulnerability (CVE-2024-11477): understand the risks and learn how to safeguard your systems from potential code execution attacks https://t.co/vkDyUqzd0c
@the_yellow_fall
25 Nov 2024
886 Impressions
10 Retweets
11 Likes
6 Bookmarks
0 Replies
0 Quotes
🗣 CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/yNgY40yon0
@fridaysecurity
25 Nov 2024
70 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected … https://t.co/8l9L4M5ypF
@CVEnew
23 Nov 2024
820 Impressions
3 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 7-Zip Vulnerability (CVE-2024-11477) 🚨 A remote code execution flaw in 7-Zip (versions < 24.07) was fixed in June 2024. Attackers could exploit it to run arbitrary code. 🔴 Risk: MEDIUM (63.84/100) 💡 Action: Update to 24.07+ ASAP. #SecurityAlert #InfoSec #CyberSecurity
@HWGSababa
22 Nov 2024
43 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes