VirtualBox

Opened 6 weeks ago

Closed 6 weeks ago

#22303 closed defect (invalid)

Possible Mismatch in VirtualBox SHA256 Hash – Potential Integrity Issue

Reported by: aj1337aj
Owned by:
Component: other
Version: VirtualBox-7.1.6
Keywords:
Cc:
Guest type: other
Host type: Windows

Description

Dear Oracle Security Team,

I recently downloaded VirtualBox from the official website (https://www.virtualbox.org/wiki/Downloads), but the SHA256 checksum of the installer does not match the one listed on your website.

Downloaded File: VirtualBox-7.1.6-167084-Win.exe
Download URL: https://download.virtualbox.org/virtualbox/7.1.6/VirtualBox-7.1.6-167084-Win.exe
Expected SHA256: 35c42c98b784974a965c358a9bda63b6cb4edde80db83f87daa2fee83e6cfad6
Actual SHA256: BC3499A77FA23781CBE388F1D61DBFCACEB20C72FC6BC08F2FFA5F820AF9AD8

I have performed multiple downloads and checks to ensure my system is not compromised:

  * Verified that my DNS, proxy, and hosts file are clean
  * Scanned my system with Bitdefender, Malwarebytes, and HitmanPro (no malware found)
  * Ensured the download was directly from your website and not a third-party source

I kindly request that your team verify whether:

  1. The SHA256 hash listed on your website is outdated or incorrect.
  2. The download servers have been compromised or tampered with.

This could be a critical security issue, and I would appreciate an urgent response.

Thank you,
Antony James
AJ1337AJ@…

Change History (1)

comment:1 by galitsyn, 6 weeks ago

Resolution: invalid
Status: new → closed

Hi Antony,

The correct SHA256 checksum for https://download.virtualbox.org/virtualbox/7.1.6/VirtualBox-7.1.6-167084-Win.exe is 35c42c98b784974a965c358a9bda63b6cb4edde80db83f87daa2fee83e6cfad6 as mentioned at https://www.virtualbox.org/download/hashes/7.1.6/SHA256SUMS.
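
An added example, not part of the ticket or of VirtualBox's own tooling: checking a downloaded file against a sha256sum-style list such as the SHA256SUMS file linked above, normalizing letter case and rejecting a hand-copied digest that is not 64 hex characters. The file name, payload and list contents in `demo()` are constructed, and the `<hex> *<name>` line layout is assumed to follow GNU sha256sum output.

```python
import hashlib
import re
import tempfile
from pathlib import Path

HEX64 = re.compile(r"[0-9a-f]{64}")  # a SHA-256 digest is exactly 64 hex characters

def normalize_pasted(value):
    """Normalize a hand-copied digest; raise if it is not 64 hex characters."""
    v = value.strip().lower()
    if not HEX64.fullmatch(v):
        raise ValueError(f"not a SHA-256 hex digest ({len(v)} characters)")
    return v

def parse_sums(text):
    """Parse '<hex>  name' / '<hex> *name' lines (assumed sha256sum layout)."""
    sums = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and HEX64.fullmatch(parts[0].lower()):
            sums[parts[1].lstrip("*")] = parts[0].lower()
    return sums

def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so large installers are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(path, sums_text):
    """Return (status, expected, actual): 'match', 'mismatch' or 'not-listed'."""
    expected = parse_sums(sums_text).get(Path(path).name)
    actual = sha256_file(path)
    if expected is None:
        return "not-listed", None, actual
    return ("match" if expected == actual else "mismatch"), expected, actual

def demo():
    # Constructed stand-in file and list; not the real installer or SHA256SUMS.
    with tempfile.TemporaryDirectory() as d:
        f = Path(d) / "example-installer.exe"
        f.write_bytes(b"constructed sample payload\n")
        good = hashlib.sha256(f.read_bytes()).hexdigest()
        sums = f"{good.upper()} *example-installer.exe\n{'0' * 64} *other.exe\n"
        return verify(f, sums), good

if __name__ == "__main__":
    print(demo())
```

Comparing the computed digest against the parsed list entry, rather than against a value retyped or pasted by hand, removes case differences and dropped characters as sources of a false mismatch.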
