New Update 7-Zip version 22.00 released

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,777
Zartarra said:
Contains the latest version a fix for vulnerability CVE-2022-29072?
github.com

GitHub - kagancapar/CVE-2022-29072: 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.

7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. - kagancapar/CVE-2022-29072
github.com github.com
Click to expand...

I am sorry for being very late to reply, but today, I found some info about your question, looks like no fix included yet in latest version 22.00
Click to expand...
The source article below sounds harsh... I don't know what is true or partially true 🤷‍♂️
nixsanctuary.com

Boycott 7-zip: "Limited" Open Source & Security Issues

"Limited" Open Source 7-zip developed by Igor Pavlov, first release happened in far 1999. Licensed under LGPL-2.1-or-later, but one detail: you can't find the actual sources on Github, Gitlab, nor any public code hosting, only src.7z on official Sourceforge page. No history, no committers, no...
nixsanctuary.com nixsanctuary.com

www.theregister.com

About that misguided call for a 7-Zip boycott

It's good to highlight some alternatives, but security issues are overblown
www.theregister.com www.theregister.com
 
  • Like
  • +Reputation
Reactions: show-Zi, SeriousHoax, Zartarra and 2 others
Zartarra

Zartarra

Level 8
Verified
Well-known
May 9, 2019
363
silversurfer said:
I am sorry for being very late to reply, but today, I found some info about your question, looks like no fix included yet in latest version 22.00

The source article below sounds harsh... I don't know what is true or partially true 🤷‍♂️
nixsanctuary.com

Boycott 7-zip: "Limited" Open Source & Security Issues

"Limited" Open Source 7-zip developed by Igor Pavlov, first release happened in far 1999. Licensed under LGPL-2.1-or-later, but one detail: you can't find the actual sources on Github, Gitlab, nor any public code hosting, only src.7z on official Sourceforge page. No history, no committers, no...
nixsanctuary.com nixsanctuary.com

www.theregister.com

About that misguided call for a 7-Zip boycott

It's good to highlight some alternatives, but security issues are overblown
www.theregister.com www.theregister.com
Click to expand...
@silversurfer ,

Thanks for all the information.
 
  • Like
Reactions: show-Zi and silversurfer
Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,875
  • Like
  • Thanks
  • +Reputation
Reactions: silversurfer, Zartarra, roger_m and 9 others
L

Local Host

silversurfer said:
I am sorry for being very late to reply, but today, I found some info about your question, looks like no fix included yet in latest version 22.00

The source article below sounds harsh... I don't know what is true or partially true 🤷‍♂️
nixsanctuary.com

Boycott 7-zip: "Limited" Open Source & Security Issues

"Limited" Open Source 7-zip developed by Igor Pavlov, first release happened in far 1999. Licensed under LGPL-2.1-or-later, but one detail: you can't find the actual sources on Github, Gitlab, nor any public code hosting, only src.7z on official Sourceforge page. No history, no committers, no...
nixsanctuary.com nixsanctuary.com

www.theregister.com

About that misguided call for a 7-Zip boycott

It's good to highlight some alternatives, but security issues are overblown
www.theregister.com www.theregister.com
Click to expand...
That website is spreading false information however, the source of 7z is publicly available, 7-Zip - Browse Files at SourceForge.net

You can download 7z from direct links in the official website too, regardless, 7z was never packed with bundleware, always been a simple setup file that extracts 7z.

SourceForge is a legit website that developers been using for decades to share their files and sources (this was long before GitHub even existed).

CVE-2022-29072 is false and was confirmed by multiple specialists is not a real exploit (you can see it was dispusted), the guy who leaked it is pretty much known as fraud.

CVE-2018-5996 which he also claims is still an issue in 7z, was patched back in version 18 (same year exploit was revealed).

It's clear that guy is just looking to advertise PeaZip, none of his arguments pan out and is full of misinformation, this type of toxic behaviour just makes me wanna use PeaZip less.
 
Last edited:
  • Like
  • +Reputation
  • Wow
Reactions: Zartarra, roger_m and show-Zi

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
    • Hundred Points
Security News 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now
Replies
0
Views
625
Security News
Gandalf_The_Grey
Gandalf_The_Grey
lokamoka820
    • Like
New Update PicView Updates Thread
Replies
2
Views
487
Office, email and business apps
lokamoka820
lokamoka820
lokamoka820
New Update Double Commander Updates Thread
Replies
4
Views
842
Other software
lokamoka820
lokamoka820

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top