| 7-zip vulnerability - update now |
| bingo600:
https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/ |
| SiliconWizard:
There's something I don't get in this article. They mention Zstd, which is indeed used in various critical parts of Linux and other systems, but Zstd is not 7-zip and not provided by 7-zip AFAIK. Can anyone enlighten me? |
| sleemanj:
--- Quote from: SiliconWizard on November 25, 2024, 10:18:04 pm ---
There's something I don't get in this article.
--- End quote ---
My reading is that the bug is in 7-zip's particular implementation of Zstd. https://github.com/mcmilk/7-Zip/blob/14d4b3f5e43e1c9bf23d314dcb8fb76887f6e855/C/ZstdDec.c |
| SiliconWizard:
Ah thanks, is the 7-zip's zstd decoder really used in anything critical in Linux? I sure wasn't expecting that. Maybe that is so? I looked at what seems to be the culprit: https://github.com/mcmilk/7-Zip/commit/14d4b3f5e43e1c9bf23d314dcb8fb76887f6e855#diff-896855d0e24931a930fa2e2a5e6c4a92d3589a70c1f8436d76e0f3c673888624 |
| ejeffrey:
--- Quote from: SiliconWizard on November 25, 2024, 11:16:22 pm ---
Ah thanks, is the 7-zip's zstd decoder really used in anything critical in Linux? I sure wasn't expecting that. Maybe that is so?
--- End quote ---
Not that I can tell. I think the article was just weirdly written. |