Yesterday, a user posting as @NSA_Employee39 claimed on Twitter to have a zero-day vulnerability in the popular open source file compression utility 7-Zip, but 7-Zip author Igor Pavlov quickly dismissed the report as false. Others who replied to the original tweet also disputed the claim and the code that was posted, with some speculating that it had been generated by ChatGPT.
Regardless, word of the so-called arbitrary code execution (ACE) vulnerability in 7-Zip spread quickly, while Igor Pavlov's response to the apparently false report has stayed out of view unless you are a journalist or a determined reader willing to dig for it.
Over on Sourceforge.net, Igor Pavlov himself made a series of comments on the matter to clear up the misunderstanding. “The general conclusion is that the fake exploit code from Twitter was generated by LLM (AI),” Igor said. He explained that “the comments in the ‘fake’ code contained the statement: ‘This exploit targets a vulnerability in the LZMA decoder of the 7-Zip software. It uses a crafted .7z archive and a malformed LZMA stream to trigger a buffer overflow condition in the RC_NORM function.’”
(Embedded tweet from @NSA_Employee39, December 30, 2024: “Hi everyone, to thank all the new followers I’m giving up 0days this week until MyBB. Amounts may need to be changed, slightly modified depending on the victim…”)
Igor continued: “But there is no RC_NORM function in the LZMA decoder. Instead, 7-Zip includes the RC_NORM macro in the LZMA encoder and PPMD decoder. Therefore, the LZMA decoding code does not call RC_NORM. The description of RC_NORM in the vulnerability comment is not true.”
Since 7-Zip is open source, anyone can check Igor's statement against the code, and we found only users backing his analysis rather than the self-described “NSA employee” who tweeted the 0-day ACE claim. This does not appear to be a concern for end users.
If you are still concerned, the sensible mitigation is to scan any unfamiliar 7-Zip-compatible archive you download before opening it. Even taken at face value, the supposed vulnerability would require the user to open a crafted archive, and since the code path the PoC names does not exist in the LZMA decoder, not even a truly diligent black hat could make use of it. Sad.