HTTP: 7-Zip Zstandard Decompression Integer Underflow
This signature detects attempts to exploit a known vulnerability against 7-Zip Zstandard. A successful attack can result in a denial-of-service condition.
Extended Description
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.
Affected Products
7-zip 7-zip
References
CVE: CVE-2024-11477
Short Name
HTTP:STC:7ZIP-ZSTD-DCMPN-INT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
7-Zip CVE-2024-11477 Decompression Integer Underflow Zstandard
Release Date
01/24/2025
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3777
False Positive
Unknown
Vendors
7-zip