CVE-2024-11612

Publication date 22 November 2024

Last updated 27 November 2024


Ubuntu priority

7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307.

Status

Package Ubuntu Release Status
7zip 24.10 oracular
Not affected
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation
20.04 LTS focal Not in release
p7zip 24.10 oracular
Not affected
24.04 LTS noble
Not affected
22.04 LTS jammy
Needs evaluation
20.04 LTS focal
Needs evaluation
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
14.04 LTS trusty Ignored end of ESM support, was needs-triage