CVE-2024-11612

Description

7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307.

How to fix CVE-2024-11612

To remediate CVE-2024-11612, upgrade the affected package to a fixed version below.

—upgrade to 22.01+really25.01+dfsg-0+deb12u1 or later
—upgrade to 16.02+really25.01+dfsg-0+deb11u1 or later

Is CVE-2024-11612 being exploited?

Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 22.01+really25.01+dfsg-0+deb12u1
from 0, < 16.02+really25.01+dfsg-0+deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2024-11612