Lucene search
K

6 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/12 7:23 p.m.9 views

CVE-2026-44215

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

4.4CVSS5.8AI score0.00217EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/12 7:21 p.m.38 views

CVE-2026-42443 NanaZip: Integer divide-by-zero in NanaZip UFS inode offset calculation

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fsipg inodes per cylinder group is set to...

3.3CVSS0.00111EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:21 p.m.9 views

CVE-2026-42442 NanaZip: Null-pointer dereference in NanaZip UFS parser when root inode is a symlink

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode inode 2 is set to IFLNK symlink instead of IFDIR...

3.3CVSS5.9AI score0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 7:20 p.m.12 views

EUVD-2026-29786

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive ASAR parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 7:20 p.m.2 views

CVE-2026-42355 NanaZip: Uncontrolled recursion in NanaZip Electron ASAR parser causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive ASAR parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, both nlohmann::json::parse and the handler's...

3.3CVSS5.9AI score0.00111EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40357

Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1697.0 Description An integer divide-by-zero issue exists in the UFS/UFS2 filesystem image parser. This occurs when opening a specially crafted UFS image where the superblock field fs ipg inodes per...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References4
Rows per page
Query Builder