The tool gave 7z.dll a clean go #7269

Open
mikerabat opened this issue Dec 23, 2024 · 1 comment
@mikerabat

In our project we provide an old version of the 7z.dll to compress and decompress streams. The dll is provided in our application's program directory.

According to https://nvd.nist.gov/vuln/detail/CVE-2024-11477
there is a critical vulnerability but the command line tool gave it a pass.

The command line I used was:

dependency-check.bat --project "Darwin" --scan "C:\Program Files (x86)\Darwin2"

where Darwin2 is our Desktop application....

Is there anything I did wrong or is this test not in the database?

kind regards

@mikerabat mikerabat added the bug label Dec 23, 2024
@chadlwilson
Contributor

I didn't think ODC could scan arbitrary native DLLs - only .NET assemblies packaged as DLL where the metadata can be extracted. Is there an analyzer you'd expect to detect this? https://jeremylong.github.io/DependencyCheck/analyzers/
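
Following the distinction drawn in the comment above between native DLLs and .NET assemblies, this added example (not part of the issue thread and not Dependency-Check code) sorts the DLLs in a scanned folder into the two groups by checking the CLR runtime header entry in the PE optional header. The names `classify_pe`, `triage` and `build_sample` are hypothetical, and the sample bytes are constructed headers, not a real DLL.

```python
import struct
import sys
from pathlib import Path

CLR_DIR = 14  # data-directory slot of the CLR runtime header (.NET metadata)

def classify_pe(data: bytes) -> str:
    """Return 'managed' (.NET assembly), 'native', or 'not-pe'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    (pe,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    opt = pe + 24                                      # skip signature + COFF header
    if opt + 2 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return "not-pe"
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)
    (magic,) = struct.unpack_from("<H", data, opt)
    count_off = {0x10B: 92, 0x20B: 108}.get(magic)     # PE32 / PE32+
    if count_off is None:
        return "not-pe"
    entry = count_off + 4 + CLR_DIR * 8                # offset inside optional header
    if entry + 8 > opt_size or opt + entry + 8 > len(data):
        return "native"                                # header has no CLR slot
    (count,) = struct.unpack_from("<I", data, opt + count_off)
    rva, size = struct.unpack_from("<II", data, opt + entry)
    return "managed" if count > CLR_DIR and rva and size else "native"

def triage(folder) -> dict:
    """Map every *.dll below folder (relative path) to its classification."""
    root = Path(folder)
    return {p.relative_to(root).as_posix(): classify_pe(p.read_bytes())
            for p in sorted(root.rglob("*.dll"))}

def build_sample(managed: bool, pe32_plus: bool = False) -> bytes:
    """Constructed minimal PE headers for testing (not a loadable DLL)."""
    count_off = 108 if pe32_plus else 92
    opt = bytearray(count_off + 4 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<I", opt, count_off, 16)         # NumberOfRvaAndSizes
    if managed:                                        # constructed RVA and size
        struct.pack_into("<II", opt, count_off + 4 + CLR_DIR * 8, 0x2008, 0x48)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    machine = 0x8664 if pe32_plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x2000)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__" and len(sys.argv) > 1:
    for name, kind in triage(sys.argv[1]).items():
        print(f"{kind:8} {name}")
```

Files reported as `native` carry no .NET metadata, so their versions need to be tracked by another route.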
