7-Zip Infinite Loop DoS via CopyCoder
CVE-2024-11612 Published on November 22, 2024

7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability, but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307.

NVD

Weakness Type

What is an Infinite Loop Vulnerability?

The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.

CVE-2024-11612 has been classified as an Infinite Loop vulnerability or weakness.


Products Associated with CVE-2024-11612


Affected Versions

7-Zip Version 24.06 is affected by CVE-2024-11612

Exploit Probability

EPSS: 0.17%
Percentile: 38.32%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.