7-zip vulnerability - update now
bingo600:
https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/
SiliconWizard:
There's something I don't get in this article.
They mention Zstd, which is indeed used in various critical parts of Linux and other systems, but Zstd is not 7-zip and not provided by 7-zip AFAIK.
Can anyone enlighten me?
sleemanj:
--- Quote from: SiliconWizard on November 25, 2024, 10:18:04 pm ---There's something I don't get in this article.
--- End quote ---
My reading is that the bug is in 7-zip's particular implementation of Zstd.
https://github.com/mcmilk/7-Zip/blob/14d4b3f5e43e1c9bf23d314dcb8fb76887f6e855/C/ZstdDec.c
SiliconWizard:
Ah thanks, is the 7-zip's zstd decoder really used in anything critical in Linux? I sure wasn't expecting that. Maybe that is so?
I looked at what seems to be the culprit:
https://github.com/mcmilk/7-Zip/commit/14d4b3f5e43e1c9bf23d314dcb8fb76887f6e855#diff-896855d0e24931a930fa2e2a5e6c4a92d3589a70c1f8436d76e0f3c673888624
ejeffrey:
--- Quote from: SiliconWizard on November 25, 2024, 11:16:22 pm ---Ah thanks, is the 7-zip's zstd decoder really used in anything critical in Linux? I sure wasn't expecting that. Maybe that is so?
--- End quote ---
Not that I can tell. I think the article was just weirdly written.