Blog
Share This Post
[ad_1]
Open-source file archiving software 7-ZIP was noted by its creator Igor Pavlov to not have been impacted by any security issue after verified X user @NSA_Employee39 purportedly leaked a zero-day affecting the archiver that could allegedly be exploited for arbitrary code execution, according to Security Affairs.
Claimed to leverage a custom .7z archive with an atypical LZMA stream to facilitate RC_NORM buffer overflow, such a vulnerability has been dismissed by Pavlov as a fake that involved artificial intelligence-generated code.
“…[T]here is no RC_NORM function in LZMA decoder. Instead, 7-Zip contains RC_NORM macro in LZMA encoder and PPMD decoder. Thus, the LZMA decoding code does not call RC_NORM. And the statement about RC_NORM in the exploit comment is not true,” said Pavlov.
The veracity of the zero-day has also been questioned by other experts, including @LowLevelTweets on X.
“Been messing with this PoC for over an hour and can’t get it to do anything. No crashes, no hangs. Doesn’t timeout,” he said.
[ad_2]
Source link
Subscribe To Our Newsletter
Get updates and learn from the best
More To Explore
US Charges Five People Over North Korean IT Worker Scheme
[ad_1] The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to
In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies
[ad_1] Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York
