
CVE-2024-11477 PoC — 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability

Source
Associated Vulnerability
Title: 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability (CVE-2024-11477)
Description: 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability, but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.
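The advisory only states the shape of the bug: an attacker-controlled length from the compressed stream is subtracted without a preceding ordering check, the unsigned result wraps, and the wrapped value reaches a memory write. The block below is an added illustration of that pattern and is not 7-Zip's or Zstandard's code; the two-byte toy block layout, the function names and the sample inputs are all constructed for this example. It pairs the unchecked subtraction with a decoder that validates every derived length before it copies anything.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Toy block layout, constructed for this example (NOT the zstd format):
 *   in[0]   declared block length, covering header bytes plus payload bytes
 *   in[1]   header length
 *   in[2..] header bytes, then payload bytes
 * payload length = declared - header
 */

/* Unchecked computation of the payload length, as a decoder that trusts the
 * stream would do it. When header > declared the subtraction wraps in size_t
 * to a value near SIZE_MAX; in the pattern the advisory describes, a length
 * like this is what then bounds a write into a fixed-size buffer. */
size_t toy_payload_len_unchecked(uint8_t declared, uint8_t header)
{
    size_t d = declared;
    size_t h = header;
    return d - h;                 /* no h <= d check: integer underflow */
}

/* Hardened decoder: validates every derived length against the bytes it was
 * actually given and the destination capacity before writing a single byte.
 * Returns the number of payload bytes copied into out, or -1 on rejection. */
long toy_decode_checked(const uint8_t *in, size_t in_len,
                        uint8_t *out, size_t out_cap)
{
    if (in == NULL || out == NULL || in_len < 2)
        return -1;

    size_t declared = in[0];
    size_t header   = in[1];

    /* Order the operands before subtracting, so the result cannot wrap. */
    if (header > declared)
        return -1;
    size_t payload = declared - header;

    /* The declared block must lie inside the input we were handed. */
    if (declared > in_len - 2)
        return -1;

    /* The payload must fit in the destination buffer. */
    if (payload > out_cap)
        return -1;

    memcpy(out, in + 2 + header, payload);
    return (long)payload;
}

/* Constructed sample inputs. */
static const uint8_t SAMPLE_GOOD[]      = {5, 2, 0xAA, 0xBB, 'h', 'i', '!'};
static const uint8_t SAMPLE_UNDERFLOW[] = {1, 4, 0, 0, 0, 0, 0};  /* header > declared */
static const uint8_t SAMPLE_TRUNCATED[] = {9, 2, 0xAA, 0xBB, 'x'};  /* declared > bytes present */

int main(void)
{
    uint8_t out[8];

    printf("unchecked length for declared=1, header=4: %zu\n",
           toy_payload_len_unchecked(1, 4));
    printf("checked good:      %ld\n",
           toy_decode_checked(SAMPLE_GOOD, sizeof SAMPLE_GOOD, out, sizeof out));
    printf("checked underflow: %ld\n",
           toy_decode_checked(SAMPLE_UNDERFLOW, sizeof SAMPLE_UNDERFLOW, out, sizeof out));
    printf("checked truncated: %ld\n",
           toy_decode_checked(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, out, sizeof out));
    return 0;
}
```

The unchecked variant deliberately stops at computing the length rather than performing the write, so the program stays memory-safe; the wrapped value it returns is the quantity that, in the real bug class, ends up as the size argument of the copy. Note that the hardened version also checks `declared` against `in_len - 2` only after confirming `in_len >= 2`, so that subtraction cannot wrap either.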
Description
CVE-2024-11477 7Zip Code Execution Writeup and Analysis
Readme
# CVE-2024-11477 Writeup

This is a writeup of my research on CVE-2024-11477. Keep in mind this may have errors and will not be perfect, as this was a pretty quick analysis. 

Please let me know if you disagree with anything!

See the other Markdown file for the information on the different files.
File Snapshot

[4.0K] /data/pocs/c30178a2fb8a6a2c92d7209b561c694221092a07
├── [4.0K] assets
│   ├── [ 17K] average_error.PNG
│   ├── [ 40K] error_diff_value.PNG
│   ├── [ 15K] errors_final.PNG
│   ├── [ 24K] failonread.PNG
│   ├── [ 65K] filebytes_in_gdb.PNG
│   ├── [ 85K] first_segfault.PNG
│   ├── [ 45K] ghidra_failure_spot.PNG
│   ├── [ 11K] hit_loop_again.PNG
│   ├── [ 50K] hmm_4a.PNG
│   ├── [ 10K] literalslen.PNG
│   ├── [178K] meld_view.PNG
│   ├── [7.0K] myoldfriend.PNG
│   ├── [ 32K] oh_fsck.PNG
│   ├── [8.0K] shifting.png
│   ├── [ 95K] source_of_loop.PNG
│   ├── [ 25K] threehits.PNG
│   ├── [201K] vscode_output.PNG
│   ├── [ 58K] weird_filebytes.PNG
│   ├── [ 12K] what_i_needto_understand.PNG
│   ├── [ 99K] where_seqmode_comes_from.PNG
│   └── [ 22K] where_we_crash.PNG
├── [ 16K] CVE-2024-11477-Writeup.md
├── [ 298] README.md
├── [4.0K] segfault.zstd
└── [ 42] wip.zstd

1 directory, 25 files