CVE-2024-11477

EUVD-2024-34129
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.

The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.
Wrap or Wraparound
Provider  Type     Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      Primary  7.8 HIGH    LOCAL        LOW              NONE            CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
zdi       CNA      7.8 HIGH    LOCAL        LOW              NONE            CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score: 97th percentile
Affected Products (NVD)
Vendor  Product  Version
7-zip   7-zip    x < 24.07
x = vulnerable software versions
Debian Releases
Product  Codename  Version               Status
7zip     bookworm  22.01+dfsg-8+deb12u1  not-affected
7zip     forky     25.01+dfsg-5          fixed
7zip     sid       25.01+dfsg-5          fixed
7zip     trixie    25.01+dfsg-1~deb13u1  fixed
p7zip    bookworm  16.02+dfsg-8          not-affected
p7zip    bullseye  16.02+dfsg-8          fixed
p7zip    trixie    16.02+transitional.1  fixed
Ubuntu Releases
Product  Codename  Status
7zip     focal     dne
7zip     jammy     not-affected
7zip     noble     not-affected
7zip     oracular  not-affected
7zip     plucky    not-affected
7zip     questing  not-affected
p7zip    bionic    needs-triage
p7zip    focal     needs-triage
p7zip    jammy     needs-triage
p7zip    noble     not-affected
p7zip    oracular  not-affected
p7zip    plucky    not-affected
p7zip    questing  not-affected
p7zip    trusty    needs-triage
p7zip    xenial    needs-triage