7-Zip Zero-Day Exploit Allegedly Leaked Online (cybersecuritynews.com)
KidM to Cybersecurity · English · 4 days ago

themelm · English · 4 days ago
The dev appears to think this is a fake exploit generated by LLM/AI https://sourceforge.net/p/sevenzip/bugs/2539/

wizardbeard@lemmy.dbzer0.com · English · 4 days ago
Based off a small technicality with one of the comments in the code. The “function” referenced is actually a macro.

HackerJoe · English · 2 days ago
It’s nonsense: https://xcancel.com/Seifreed/status/1874245336291488179
The LZMA implementation already validates bounds elsewhere (bufLimit). If p->buf exceeds its limit, the program aborts the decompression safely. 🚫 The claim of unchecked memory access is baseless.