Overview
- Description
- 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Received
Risk scores
CVSS 3.0
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
Weaknesses
- zdi-disclosures@trendmicro.com
- CWE-835
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
CVE-2024-11612 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installa… https://t.co/vIsdIpxxtC
@CVEnew
24 Nov 2024
219 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Following 7zip 24.08 release, @thezdi disclosed yesterday my vulnerability in 7zip 24.07: CopyCoder Infinite Loop Denial-of-Service Vulnerability - CVE-2024-11612 I found this vulnerability last summer during a fuzzing campaign with @aflplusplus https://t.co/v4UVV7TOGt
@2ourc3
22 Nov 2024
3689 Impressions
10 Retweets
64 Likes
12 Bookmarks
12 Replies
0 Quotes
CVE-2024-11612 This vulnerability allows remote attackers to create a denial-of-... https://t.co/YSHGzreAad Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x
@VulmonFeeds
22 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes