:rape: Security researcher does a little trolling by releasing a 0day exploit for 7zip

Out of nowhere a guy drops a 0day for 7zip. He claims that unpacking a 7z file causes code execution:

https://pastebin.com/KxQYFqwR

He casually throws in "Offsets might need changing, slight modifications based on victim system could be needed." which casts shade on the authenticity of his claim.

Shitty media picks it up, such as https://cybersecuritynews.com/7-zip-zero-day-exploit/ , which is written by an Indian.

The 7zip dev responds: "fake"

https://sourceforge.net/p/sevenzip/bugs/2539/

Our security researcher provides chatgpt-clarification

Hi Idor! The issue lies in the RC_NORM macro in LzmaDec.c. This macro normalizes range and code values during decoding and increments the buf pointer (p->buf++) without verifying if it exceeds allocated memory or the bufLimit. The lack of bounds checking allows a custom forged LZMA stream to manipulate range and code which causes the buf pointer to overflow into adjacent memory. By designing the LZMA stream with very low frequency symbols, we can exploit this to overwrite critical memory regions such as return addresses or function pointers. To put it simply, this vulnerability arises from inadequate validation of the LZMA stream structure which enables malformed input to trigger the overflow and execute arbitrary code. Remember this is a PROOF OF CONCEPT

Twitter argues about technicalities.

:#marseynothingburger:

Update:

Our hero admitted that the code is generated by Gemini and it can't work. He also submitted a lengthy rant and a recording of his desktop, which shows him opening a 7zip file, and after 2-3 seconds calc pops up :marseymindblown:

>My laptop charger died, and I refuse to code on a mobile IDE, so I decided to explain it to Gemini and have it write the code for me. However, as some of you have noticed, the code is useless. It added random file inclusion directives that, to my knowledge, don't even exist,

https://i.rdrama.net/images/1735725224BEPkpadwShjseg.webp

That's why I still write my own binary packing formats with custom compression, like we used to do 20 years ago. !codecels

Good luck getting the AI to make shit up about my code, it's unreadable.

Oh man remember when you could get Sims in 80mb but you had to use this commandline unpacker that took hours?


https://i.rdrama.net/images/17191743323420358.webp

:#marseyeyemixer2: :#marseyrope:

Really, you don't need more than just RLE.

+ Huffman

https://sourceforge.net/

https://media.tenor.com/9OcQhlCBNG0AAAAx/what-year-is-it-jumanji.webp

AI Trolling is the best trolling

https://i.rdrama.net/images/1735640828MzP-duLwB7CulA.webp

@cyberdick love sucking peepee

LLMs seethe in very distinctive ways LMAO. The dev should have used one to reply to the fricker with it.

- Big D

the dev is the one seething lmao

Ye but at a clearly AI generated bullshit

As if LLMs aren't programmed to seethe at bullshit

https://i.rdrama.net/images/1735657112pNYU_UUeRRwTwg.webp

that's not the dev, the dev is igor

Probably a safe bet that this is a :marseytunaktunak: trying to claim bug bounties by fluffing up any potential code error even if the problem is never encountered in practice.

cant access github until i get home, sorry

Idc about any of that codecel nonsense beyond :marseyunabomber:, but why would you make a big announcement when you can't actually show what you want to announce properly yet, and already have to apologize in your announcement? :marseywut2:

It's like inviting people to your wedding then saying "lol idk we're only marrying next week"

for the same reason every year or so chinese scientists claim to have cracked cold fusion but can't show it yet because it's in their house and they lost the keys but they'll totally show you later

2 weeks, kraken, buy my book

Pretty fricking stupid to call a hypothetical exploit that you can't even demonstrate in practice a 0day.

Explain how does this affect me

When you use 7zip your house will explode

You wasted 37 seconds of your life you can never get back, reading it

:#marseydisgust:

Wasn't there a 7zip security breach thingy already like just a few weeks ago?

Yes. CVE-2024-11477

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.

Footage of me refusing to use .7z bigboys during AoC

https://media.tenor.com/Jw8I___MCdQAAAAx/matrix-dodge.webp

>jesus


https://i.rdrama.net/images/17191743323420358.webp
