{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-118.pdf"
    },
    "title": "Critical Vulnerability in 7-Zip",
    "serial_number": "2024-118",
    "publish_date": "25-11-2024 08:34:13",
    "description": "A severe security vulnerability has been discovered in 7-Zip, the popular file compression utility, allowing remote attackers to execute malicious code through specially crafted archives. The vulnerability tracked as CVE-2024-11477 has received a high CVSS score of 7.8.<br>\n",
    "url_title": "2024-118",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in 7-Zip'\nnumber: '2024-118'\nversion: '1.0'\noriginal_date: '2024-11-20'\ndate: '2024-11-25'\n---\n\n_History:_\n\n* _25/11/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nA severe security vulnerability has been discovered in 7-Zip, the popular file compression utility, allowing remote attackers to execute malicious code through specially crafted archives. The vulnerability tracked as **CVE-2024-11477** has received a high CVSS score of 7.8 [1].\n\n# Technical Details\n\nThis vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation [2].\n\nThe specific flaw exists within the implementation of `Zstandard` decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process [2].\n\n# Affected Products\n\nThe vulnerability was fixed in 7-Zip 24.07 [2].\n\n# Recommendations\n\nCERT-EU recommends updating the software to the latest version.\n\n# References\n\n[1] <https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/>\n\n[2] <https://www.zerodayinitiative.com/advisories/ZDI-24-1532/>\n\n\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>25/11/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>A severe security vulnerability has been discovered in 7-Zip, the popular file compression utility, allowing remote attackers to execute malicious code through specially crafted archives. The vulnerability tracked as <strong>CVE-2024-11477</strong> has received a high CVSS score of 7.8 [1].</p><h2 id=\"technical-details\">Technical Details</h2><p>This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation [2].</p><p>The specific flaw exists within the implementation of <code>Zstandard</code> decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process [2].</p><h2 id=\"affected-products\">Affected Products</h2><p>The vulnerability was fixed in 7-Zip 24.07 [2].</p><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends updating the software to the latest version.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/\">https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.zerodayinitiative.com/advisories/ZDI-24-1532/\">https://www.zerodayinitiative.com/advisories/ZDI-24-1532/</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}