Lucene search
K

24 matches found

NVD
NVD
added yesterday7 views

CVE-2026-55783

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...

2.4CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday5 views

CVE-2026-55783 NanaZip: NULL pointer dereference in Extract() of all seven NanaZip custom archive handlers when extracting/testing the whole archive

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...

2.4CVSS
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-42955

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...

2.4CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-55783

NanaZip (a 7‑Zip derivative) is affected prior to version 6.5.1749.0. The in‑house IInArchive handlers in NanaZip.Codecs dereference the caller‑supplied Indices array during Extract when Indices is NULL and NumItems is 0xFFFFFFFF, in the code path for a full archive extraction (Test or Extract al...

2.4CVSS6.1AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.8 views

CVE-2026-42444

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 8:16 p.m.14 views

CVE-2026-42444

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...

5.5CVSS0.00111EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 7:22 p.m.35 views

CVE-2026-42444 NanaZip: Unbounded resource consumption in NanaZip littlefs parser via attacker-controlled BlockCount

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...

3.3CVSS0.00111EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:22 p.m.5 views

CVE-2026-42444 NanaZip: Unbounded resource consumption in NanaZip littlefs parser via attacker-controlled BlockCount

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:22 p.m.6 views

CVE-2026-42444

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/12 7:22 p.m.9 views

EUVD-2026-29789

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 7:22 p.m.20 views

CVE-2026-42444

NanaZip: Unbounded resource consumption DoS in the littlefs image parser. From 5.0.1252.0 to before 6.0.1698.0, the parser reads BlockCount from a crafted superblock without validation, then allocates per-iteration path entries. A 44-byte littlefs image with BlockCount = 0xFFFFFFFF causes ~4 bill...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.17 views

PT-2026-40358

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.8 views

NanaZip 安全漏洞

NanaZip is a compression software open-source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained security vulnerabilities. These vulnerabilities stemmed from the Open method in the littlefs file system image resolver, which directly read the BlockCount value controlled by...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-5844

Malware in sbrugna...

3.3CVSS4.5AI score0.00233EPSS
Exploits0References3
CNVD
CNVD
added 2021/05/26 12:0 a.m.11 views

Unspecified vulnerability in Zephyr (CNVD-2021-95624)

Zephyr is an open source, small, scalable real-time operating system. Zephyr suffers from a security vulnerability that stems from the fact that when setup in conjunction with littlefs, MCUmgr can be used to extract all security-related information from the device. No details of the vulnerability...

3.3CVSS6.5AI score0.00233EPSS
Exploits0References1
OSV
OSV
added 2021/05/25 5:15 p.m.5 views

CVE-2020-13599

Security problem with settings and littlefs. Zephyr versions = 1.14.2, = 2.3.0 contain Incorrect Default Permissions CWE-276. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q...

3.3CVSS5.5AI score
Exploits0References2
NVD
NVD
added 2021/05/25 5:15 p.m.19 views

CVE-2020-13599

Security problem with settings and littlefs. Zephyr versions = 1.14.2, = 2.3.0 contain Incorrect Default Permissions CWE-276. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q...

3.3CVSS0.00233EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/05/25 12:0 a.m.5 views

Zephyr 安全漏洞

Zephyr is an open source, small, scalable real-time operating system. Zephyr suffers from a security vulnerability that stems from the fact that when setup in conjunction with littlefs, MCUmgr can be used to extract all security-related information from the device. No details of the vulnerability...

3.3CVSS5.5AI score0.00233EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/05/24 9:40 p.m.22 views

CVE-2020-13599 Security problem with settings and littlefs

Security problem with settings and littlefs. Zephyr versions = 1.14.2, = 2.3.0 contain Incorrect Default Permissions CWE-276. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q...

3.3CVSS5.2AI score0.00233EPSS
Exploits0References2
CVE
CVE
added 2021/05/24 9:40 p.m.52 views

CVE-2020-13599

CVE-2020-13599 concerns a security problem with Zephyr’s settings handling when used with littlefs, where Zephyr versions >= 1.14.2 and >= 2.3.0 are affected by incorrect default permissions (CWE-276). The available connected sources corroborate the issue and link to the GHSA advisory GHSA-...

3.3CVSS3.9AI score0.00233EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder