CVE-2024-11477? #240
Comments
@l29ah: If the 7zip source code is not updated to 24.08, I think yes.
From what I understand, this p7zip project is not the same thing and is a reimplementation. But Low Level Learning has made a video pinpointing the 3 lines that actually fixed the bug. So it may need to be ported to p7zip: https://youtube.com/watch?v=i5L9xEk_adw If the same integer underflow math bug exists here then it's in need of fixing here too.
Based on the video by "Low Level", it's unlikely that the CVE applies. The bug appears to have been in 7-Zip's reimplementation of the Zstandard compression algorithm, but p7zip uses the externally developed zstd library instead. That said, p7zip currently includes zstd 1.5.2, which is somewhat out of date.
Is this project vulnerable to https://www.zerodayinitiative.com/advisories/ZDI-24-1532/ ?