CVE-2024-11477

Published Nov 22, 2024

Last updated 10 days ago

Overview

Description
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.
Source: zdi-disclosures@trendmicro.com
NVD status: Received

Risk scores

CVSS 3.0

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

zdi-disclosures@trendmicro.com
CWE-191

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 1

  1. A new vulnerability with the identifier CVE-2024-11477 has been published for the 7-Zip archiving tool. This vulnerability is of the RCE type and allows hackers to execute code remotely. The score of this vulnerability is 7.8, and all versions prior to 24.07 are affected by it. https://t.co/Poz3aKY03t

    @AmirHossein_sec

    2 Dec 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2024-38063 2 - CVE-2023-50428 3 - CVE-2024-10924 4 - CVE-2024-11477 5 - CVE-2024-44308 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    2 Dec 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. A critical vulnerability (CVE-2024-11477) has been identified in 7-Zip's Zstandard decompression, allowing remote code execution. Users are urged to update to version 24.07 or later to mitigate this risk. https://t.co/j0ezysErCU

    @GhostShaman

    2 Dec 2024

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-11477 7Zip Code Execution Writeup and Analysis https://t.co/PqGkgv1WZK

    @S0ufi4n3

    1 Dec 2024

    1939 Impressions

    3 Retweets

    19 Likes

    9 Bookmarks

    0 Replies

    0 Quotes

  5. Top 5 Trending CVEs: 1 - CVE-2024-0012 2 - CVE-2023-28205 3 - CVE-2024-52443 4 - CVE-2024-49019 5 - CVE-2024-11477 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    1 Dec 2024

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. #AllertaSicurezza: A critical vulnerability has been discovered in the 7-Zip compression software! Classified as high risk (CVE-2024-11477, CVSS 7.8), the flaw concerns the processing of files with the Zstandard algorithm. It could allow hackers to execute… https://

    @cyber_net_now

    30 Nov 2024

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Top 5 Trending CVEs: 1 - CVE-2024-49019 2 - CVE-2024-11477 3 - CVE-2024-49040 4 - CVE-2024-47208 5 - CVE-2024-10524 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    30 Nov 2024

    74 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. GitHub - TheN00bBuilder/cve-2024-11477-writeup: CVE-2024-11477 7Zip Code Execution Writeup and Analysis - https://t.co/W8Uz3h3zfx

    @piedpiper1616

    29 Nov 2024

    2542 Impressions

    27 Retweets

    37 Likes

    24 Bookmarks

    0 Replies

    0 Quotes

  9. Spent some time researching CVE-2024-11477, the new #7zip #CVE and made a writeup about my work on it. Let me know what you think! https://t.co/JJcfjXaPUF

    @SuperN00by

    29 Nov 2024

    6568 Impressions

    33 Retweets

    67 Likes

    53 Bookmarks

    5 Replies

    1 Quote

  10. 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. (CVE-2024-11477)

    @shellnotfound

    28 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 🚨 🚨Important update: Serious vulnerability in 7-Zip (CVE-2024-11477): it allows malicious code execution via crafted files. ⚠️ CVSS score: 7.8. 🔒 Update NOW to version 24.07 or later to protect your system. https://t.co/tsArYsny6j

    @MEnfrentadas

    28 Nov 2024

    232 Impressions

    2 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. A critical #security #vulnerability (CVE-2024-11477) has been disclosed in the file archiving tool 7-Zip, allowing attackers to execute arbitrary code remotely. #Cybersecurity #infosec https://t.co/MffLxvWpml https://t.co/yn7ZfSDPuj

    @twelvesec

    27 Nov 2024

    102 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. A newly discovered vulnerability in 7-Zip, a widely used file compression utility, has raised significant cybersecurity concerns. Tracked as CVE-2024-11477, this flaw allows attackers to execute malicious code through specially crafted archive files. Watch the video till the…

    @FORTBRIDGE

    26 Nov 2024

    92 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. So I spent some time trying to make a video about CVE-2024-11477, a vulnerability in 7-zip. This led me down a wild rabbit hole of patch diffing, software fuzzing, and ultimately crashing 7-zip over 4000 times. Check it out.

    @LowLevelTweets

    26 Nov 2024

    132 Impressions

    1 Retweet

    7 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. A new vulnerability has been discovered in the 7-Zip archiver that could allow attackers to run malicious code on your computer. The problem lies in the Zstandard decompression component and has already received the official identifier CVE-2024-11477: https://t.co/0CwveaiDdS #7Zip #ИБ

    @infosecmedia_

    26 Nov 2024

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 7-Zip Security Flaw (CVE-2024-11477) 🚨 There is a bug in the Zstandard decompression function (CVSS 7.8) that hackers can exploit to run malicious code via a modified file. Update to version 24.07+ right away to stay safe! #KeamananSiber #7Zip https://t.co/oKMuJP38LY

    @anvie

    26 Nov 2024

    5131 Impressions

    40 Retweets

    163 Likes

    30 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2024-11477: it's a little funny that it is titled "7-Zip Zstandard Decompression Integer Underflow 'Remote' Code Execution Vulnerability" and yet has Attack Vector (AV): Local. Perhaps taking into account how it is used as an archiver? https://t.co/U1uyYFgxn5

    @ymzkei5

    26 Nov 2024

    374 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  18. CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/701SFKSBkY

    @turne85540

    26 Nov 2024

    53 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2024-11477 - looks like a signedness issue in the Zstd Decoder

    @mistymntncop

    25 Nov 2024

    3566 Impressions

    2 Retweets

    24 Likes

    8 Bookmarks

    2 Replies

    0 Quotes

  20. CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/1wmwjbjkZ8

    @N0tus3rF0und

    25 Nov 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. [Security] RCE exploit CVE-2024-11477 discovered in 7Zip The well-known open source decompression software 7Zip has a critical RCE exploit in its decompression system https://t.co/U8n4F1J6BX Author : SaoriYuki

    @SwitchTools

    25 Nov 2024

    1937 Impressions

    1 Retweet

    19 Likes

    3 Bookmarks

    0 Replies

    1 Quote

  22. CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/U0VMv6HJSU

    @daisuke

    25 Nov 2024

    49 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. A critical vulnerability (CVE-2024-11477) in 7-Zip enables remote code execution due to insufficient validation of user-supplied data. ⚠️ #cybersecurity #vulnerability #7Zip https://t.co/Uc4zsjQQll https://t.co/Uc4zsjQQll

    @_CyberMaster

    25 Nov 2024

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. Attention 7-Zip users! A critical vulnerability (CVE-2024-11477) has been discovered that may allow the execution of malicious code when opening compromised files. It is recommended to update to the latest version (24.07 or higher). #Security #MandatoryUpdate #7Zip https://t.co/

    @zumuha

    25 Nov 2024

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. ⚠️ 7-Zip RCE Vulnerability CVE-2024-11477: CVE-2024-11477: An integer underflow vulnerability in 7-Zip’s Zstandard decompression function (CVSS 7.8) allows attackers to execute malicious code. ❕ Users are advised to update to 7-Zip version 24.07 or later.

    @cyberthreatzip

    25 Nov 2024

    21 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Critical vulnerability CVE-2024-11477 in 7Zip https://t.co/z54lJ11Bxd

    @vulnerbyte

    25 Nov 2024

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. 😮 CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/5zHy9AilKm via @the_yellow_fall

    @FutureITPro20xx

    25 Nov 2024

    7 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  28. CVE-2024-11477: Critical Flaw in 7-Zip Allows Hackers to Take Control A vulnerability has been discovered in the 7-Zip file compression tool, enabling attackers to remotely execute malicious code through specially crafted archives https://t.co/8wdaEVGJOW #CyberSecurity #7zip…

    @S0fianeHamlaoui

    25 Nov 2024

    159 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! Hatena Bookmark Technology New Entries https://t.co/6wDV9fMSLG

    @mohritaroh

    25 Nov 2024

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. CVE-2024-11477: Critical Flaw in 7-Zip Allows Hackers to Take Control A vulnerability has been discovered in the 7-Zip file compression tool, enabling attackers to remotely execute malicious code through specially crafted archives https://t.co/CVQekrwGtG

    @the_yellow_fall

    25 Nov 2024

    415 Impressions

    6 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  31. Top 5 Trending CVEs: 1 - CVE-2024-46938 2 - CVE-2024-37397 3 - CVE-2024-42477 4 - CVE-2024-11477 5 - CVE-2024-0012 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    25 Nov 2024

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. A high-severity vulnerability (CVE-2024-11477) has been found in 7-Zip that lets attackers execute malicious code remotely. It was found by "Nicholas Zubrisky" of the Trend Micro team and relates to the Zstandard decompression function. It is recommended that you update 7-Zip to version 24.07 or later. http

    @2soroushahmadi

    25 Nov 2024

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

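  33. [Link roundup: security-related news/articles for November 22-25] <Vulnerabilities> ・CVE-2024-9511 (CVSS 9.8): A critical flaw in the FluentSMTP plugin puts more than 300,000 WordPress sites at risk of takeover https://t.co/YcHjmSp1X8 ・CVE-2024-11477: 7-Zip vulnerability makes remote code execution possible… https://t.co/TmuGmvuZCB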

    @MachinaRecord

    25 Nov 2024

    169 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 🚨 Critical Vulnerability in 7-Zip A high-risk flaw (CVE-2024-11477) has been found in 7-Zip, allowing attackers to execute malicious code via crafted archives. With a CVSS score of 7.8, users should update immediately to stay protected. #CyberSecurity #7Zip #Vulnerability htt

    @cyraxsecurity

    25 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/nnl1BNzN2N via @the_yellow_fall

    @manatee_sn

    25 Nov 2024

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  36. If you have 7-Zip installed on your PC, make sure to apply the latest version / CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/DW6iHkaPLN #bookmark — 量産型IGALOG (@igaos) Nov 25, 2024 November 25, 2024 at 02:14PM… https://t.co/0WFsKkUa05

    @igaos

    25 Nov 2024

    77 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  37. CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/VZztOC0LCS

    @ohhara_shiojiri

    25 Nov 2024

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. If you have 7-Zip installed on your PC, make sure to apply the latest version / CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/DW6iHkaPLN #bookmark

    @igaos

    25 Nov 2024

    113 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution https://t.co/7WTVH56NzT

    @Dinosn

    25 Nov 2024

    42307 Impressions

    253 Retweets

    783 Likes

    282 Bookmarks

    6 Replies

    9 Quotes

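  40. Remote code execution vulnerability in 7-Zip. CVE-2024-11477 has a CVSS score of 7.8 and may be triggered when a crafted archive is opened. Integer underflow during Zstd decompression. Fixed in version 24.04. https://t.co/hSZe8XutDI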

    @__kokumoto

    25 Nov 2024

    34890 Impressions

    370 Retweets

    533 Likes

    117 Bookmarks

    0 Replies

    11 Quotes

  41. 7-Zip Vulnerability Allows Remote Code Execution, Update Now! 7-Zip vulnerability (CVE-2024-11477): understand the risks and learn how to safeguard your systems from potential code execution attacks https://t.co/vkDyUqzd0c

    @the_yellow_fall

    25 Nov 2024

    886 Impressions

    10 Retweets

    11 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  42. 🗣 CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/yNgY40yon0

    @fridaysecurity

    25 Nov 2024

    70 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  43. CVE-2024-11477 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected … https://t.co/8l9L4M5ypF

    @CVEnew

    23 Nov 2024

    820 Impressions

    3 Retweets

    8 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  44. 🚨 7-Zip Vulnerability (CVE-2024-11477) 🚨 A remote code execution flaw in 7-Zip (versions < 24.07) was fixed in June 2024. Attackers could exploit it to run arbitrary code. 🔴 Risk: MEDIUM (63.84/100) 💡 Action: Update to 24.07+ ASAP. #SecurityAlert #InfoSec #CyberSecurity

    @HWGSababa

    22 Nov 2024

    43 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes