CVE-2024-11477 PoC — 7-Zip 数字错误漏洞

Source

https://github.com/TheN00bBuilder/cve-2024-11477-writeup

Associated Vulnerability

Title:7-Zip 数字错误漏洞 (CVE-2024-11477)
Description:7-Zip是7-Zip开源的一个压缩软件。 7-Zip存在数字错误漏洞，该漏洞源于Zstandard解压缩过程中对用户提供的数据验证不当，可能导致整数下溢，并在写入内存前执行任意代码。

Description

CVE-2024-11477 7Zip Code Execution Writeup and Analysis

Readme

# CVE-2024-11477 Writeup

This is a writeup of my research on CVE-2024-11477. Keep in mind this may have errors and will not be perfect, as this was a pretty quick analysis. 

Please let me know if you disagree with anything!

See the other Markdown file for the information on the different files.

File Snapshot


 [4.0K]  /data/pocs/c30178a2fb8a6a2c92d7209b561c694221092a07
├── [4.0K]  assets
│   ├── [ 17K]  average_error.PNG
│   ├── [ 40K]  error_diff_value.PNG
│   ├── [ 15K]  errors_final.PNG
│   ├── [ 24K]  failonread.PNG
│   ├── [ 65K]  filebytes_in_gdb.PNG
│   ├── [ 85K]  first_segfault.PNG
│   ├── [ 45K]  ghidra_failure_spot.PNG
│   ├── [ 11K]  hit_loop_again.PNG
│   ├── [ 50K]  hmm_4a.PNG
│   ├── [ 10K]  literalslen.PNG
│   ├── [178K]  meld_view.PNG
│   ├── [7.0K]  myoldfriend.PNG
│   ├── [ 32K]  oh_fsck.PNG
│   ├── [8.0K]  shifting.png
│   ├── [ 95K]  source_of_loop.PNG
│   ├── [ 25K]  threehits.PNG
│   ├── [201K]  vscode_output.PNG
│   ├── [ 58K]  weird_filebytes.PNG
│   ├── [ 12K]  what_i_needto_understand.PNG
│   ├── [ 99K]  where_seqmode_comes_from.PNG
│   └── [ 22K]  where_we_crash.PNG
├── [ 16K]  CVE-2024-11477-Writeup.md
├── [ 298]  README.md
├── [4.0K]  segfault.zstd
└── [  42]  wip.zstd

1 directory, 25 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!