Out of nowhere a guy drops a 0day for 7zip. He claims that unpacking a 7z file causes code execution:
Hey guys, as a thank you to all the new followers, I will be dropping 0days all this week until MyBB.
β a (@NSA_Employee39) December 30, 2024
Here's a ACE vulnerability in 7zip.https://t.co/FjvDD155Vo
(Can't access GitHb until I get home, sorry lol)
Offsets might need changing, slight modifications based on victimβ¦
He casually throws in "Offsets might need changing, slight modifications based on victim system could be needed." which casts shade on authenticity of his claim.
Shitty media picks it up, such as https://cybersecuritynews.com/7-zip-zero-day-exploit/ , which is written by an Indian.
The 7zip dev responds: "fake"
https://sourceforge.net/p/sevenzip/bugs/2539/
Our security researcher provides chatgpt-clarification
Hi Idor! The issue lies in the RC_NORM macro in LzmaDec.c. This macro normalizes range and code values during decoding and increments the buf pointer (
p->buf++
) without verifying if it exceeds allocated memory or the bufLimit. The lack of bounds checking allows a custom forged LZMA stream to manipulate range and code which causes the buf pointer to overflow into adjacent memory. By designing the LZMA stream with very low frequency symbols, we can exploit this to overwrite critical memory regions like as return addresses or function pointers. To put it simply, this vulnerability arises from inadequate validation of the LZMA stream structure which enables malformed input to trigger the overflow and execute arbitrary code. Remember this is a PROOF OF CONCEPT
β a (@NSA_Employee39) December 30, 2024
Twitter argues about technicalities.
Update:
Our hero admitted that the code is generated by Gemini and it can't work. He also submitted a lengthy rant and a recording of his desktop, which shows him opening a 7zip file, and after 2-3 seconds calc pops up
Here it is. F @Gemini for ruining my street cred. I am grateful for this though. It has shown me that with how awful you all can be, that this will not be made completely public. Once my Discord suspension becomes undone, I will create a private server where I will only let⦠https://t.co/cP1EnnJLKg pic.twitter.com/UVdP11yzMj
β a (@NSA_Employee39) January 1, 2025
Jump in the discussion.
No email address required.
That's why I still write my own binary packing formats with custom compression, like we used to do 20 years ago. !codecels
Good luck getting the AI to make shit up about my code, it's unreadable.
Jump in the discussion.
No email address required.
Oh man remember when you could get Sims in 80mb but you had to use this commandline unpacker that took hours?
Jump in the discussion.
No email address required.
More options
Context
Jump in the discussion.
No email address required.
More options
Context
Really, you don't need more than just RLE.
Jump in the discussion.
No email address required.
+ Huffman
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
https://sourceforge.net/
AI Trolling is the best trolling
@cyberdick love sucking peepee
Jump in the discussion.
No email address required.
LLMs seethe in very distinctive ways LMAO. The dev should have used one to reply to the fricker with it.
- Big D
Jump in the discussion.
No email address required.
the dev is the one seething lmao
Jump in the discussion.
No email address required.
Ye but at a clearly AI generated bullshit
Jump in the discussion.
No email address required.
As if LLMs aren't programmed to seethe at bullshit
Jump in the discussion.
No email address required.
More options
Context
More options
Context
Jump in the discussion.
No email address required.
thats not the dev, the dev is igor
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
More options
Context
More options
Context
Probably a safe bet that this is a trying to claim bug bounties by fluffing up any potential code error even if the problem is never encountered in practice.
Jump in the discussion.
No email address required.
More options
Context
Idc about any of that codecel nonsense beyond ,but why would you make a big announcement when you cant actually show whT you want to announce properly yet, and already have to apologize in your announcement?
Its like inviting people to your wedding then saying "lol idk we're only marrying next week"
Jump in the discussion.
No email address required.
for the same reason every year or so chinese scientists claim to have cracked cold fusion but can't show it yet because it's in their house and they lost the keys but they'll totally show you later
Jump in the discussion.
No email address required.
2 weeks, kraken, buy my book
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
Pretty fricking stupid to call a hypothetical exploit that you can't even demonstrate in practice a 0day.
Jump in the discussion.
No email address required.
I miss @transb-word and her exploits
Putting the in
spookieturkeymerrynew yearJump in the discussion.
No email address required.
More options
Context
More options
Context
Explain how does this affect me
Jump in the discussion.
No email address required.
When you use 7zip you house will explode
Jump in the discussion.
No email address required.
More options
Context
You wasted 37 seconds of your life you can never get back, reading it
Jump in the discussion.
No email address required.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
Wasnt there a 7zip security breach thingy already like just a few weeks ago?
Jump in the discussion.
No email address required.
Yes. CVE-2024-11477
Jump in the discussion.
No email address required.
More options
Context
More options
Context
Footage of me refusing to use .7z bigboys during AoC
Jump in the discussion.
No email address required.
More options
Context
Snapshots:
https://t.co/FjvDD155Vo:
ghostarchive.org
archive.org
archive.ph (click to archive)
December 30, 2024:
ghostarchive.org
archive.org
archive.ph (click to archive)
https://pastebin.com/KxQYFqwR:
ghostarchive.org
archive.org
archive.ph (click to archive)
https://cybersecuritynews.com/7-zip-zero-day-exploit/:
ghostarchive.org
archive.org
archive.ph (click to archive)
https://sourceforge.net/p/sevenzip/bugs/2539/:
ghostarchive.org
archive.org
archive.ph (click to archive)
https://t.co/Pekp6EHgcH:
ghostarchive.org
archive.org
archive.ph (click to archive)
December 30, 2024:
ghostarchive.org
archive.org
archive.ph (click to archive)
Jump in the discussion.
No email address required.
Jump in the discussion.
No email address required.
More options
Context
More options
Context