Purported 7-ZIP zero-day vulnerability dismissed

Share This Post

[ad_1]

Open-source file archiving software 7-ZIP was noted by its creator Igor Pavlov to not have been impacted by any security issue after verified X user @NSA_Employee39 purportedly leaked a zero-day affecting the archiver that could allegedly be exploited for arbitrary code execution, according to Security Affairs.

Claimed to leverage a custom .7z archive with an atypical LZMA stream to facilitate RC_NORM buffer overflow, such a vulnerability has been dismissed by Pavlov as a fake that involved artificial intelligence-generated code.

“…[T]here is no RC_NORM function in LZMA decoder. Instead, 7-Zip contains RC_NORM macro in LZMA encoder and PPMD decoder. Thus, the LZMA decoding code does not call RC_NORM. And the statement about RC_NORM in the exploit comment is not true,” said Pavlov.

The veracity of the zero-day has also been questioned by other experts, including @LowLevelTweets on X.

“Been messing with this PoC for over an hour and can’t get it to do anything. No crashes, no hangs. Doesn’t timeout,” he said.

[ad_2]

Source link

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Do You Want To Boost Your Business?

drop us a line and keep in touch

Contact Us