CVE-2024-11612Infinite Loop in 7-zip

CWE-835Infinite Loop5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 61.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
7-zip P7zip7-zipDebian 7zip+1 more
Timeline
PublishedNov 22
Latest updateApr 15

Description

7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

NVD7-zip/7-zip24.0624.08
debiandebian/7zip< 7zip 24.08+dfsg-1 (forky)
debiandebian/p7zip< 7zip 24.08+dfsg-1 (forky)
Debian7-zip/p7zip< 16.02+transitional.1
CVEListV57-zip/7-zip24.06

🔴Vulnerability Details

2
OSV
CVE-2024-11612: 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability2024-11-22
GHSA
GHSA-jrq3-7p6q-9m8h: 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability2024-11-22

📋Vendor Advisories

2
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Build (7-Zip) — CVE-2024-116122025-04-15
Debian
CVE-2024-11612: 7zip - 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerabilit...2024
CVE-2024-11612 — Infinite Loop in 7-zip | cvebase