CVE-2024-11947: 
NixOS vulnerability analysis and mitigation

GFI Archiver Core Service contains a deserialization of untrusted data vulnerability (CVE-2024-11947) that was disclosed on December 11, 2024. This vulnerability affects GFI Archiver installations up to version 15.7, specifically within the Core Service component that listens on TCP port 8017 by default (ZDI Advisory).

The vulnerability stems from improper validation of user-supplied data in the Core Service component, which can lead to deserialization of untrusted data. The issue has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a network-accessible vulnerability with low attack complexity that requires low privileges and no user interaction (NVD).

If successfully exploited, this vulnerability allows authenticated remote attackers to execute arbitrary code in the context of SYSTEM on affected GFI Archiver installations. This level of access could potentially lead to complete system compromise (ZDI Advisory).

The vulnerability has been fixed in GFI Archiver version 15.7. Organizations running affected versions should upgrade to version 15.7 or later to mitigate this vulnerability (ZDI Advisory).