CVE-2024-11612: 
7-Zip vulnerability analysis and mitigation

7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability (CVE-2024-11612) is a security flaw discovered in 7-Zip software that allows remote attackers to create a denial-of-service condition on affected installations. The vulnerability was reported on June 26, 2024, and publicly disclosed on November 21, 2024. The issue affects 7-Zip installations prior to version 24.08 (ZDI Advisory).

The vulnerability exists within the processing of streams in 7-Zip's CopyCoder component. The specific flaw results from a logic error that can lead to an infinite loop. The vulnerability has been assigned a CVSS v3.0 base score of 6.5 (Medium) with the vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The vulnerability is classified under CWE-835 (Loop with Unreachable Exit Condition) (NVD, ZDI Advisory).

When successfully exploited, this vulnerability can create a denial-of-service condition on the target system, potentially making the system unresponsive or unstable. The attack specifically impacts the availability of the system while not affecting confidentiality or integrity (ZDI Advisory).

The vulnerability has been fixed in 7-Zip version 24.08. Users and administrators are advised to upgrade to this version or later to mitigate the vulnerability (ZDI Advisory, ManageEngine).