24 matches found
CVE-2026-55783
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...
CVE-2026-55783 NanaZip: NULL pointer dereference in Extract() of all seven NanaZip custom archive handlers when extracting/testing the whole archive
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...
EUVD-2026-42955
NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...
CVE-2026-55783
NanaZip (a 7‑Zip derivative) is affected prior to version 6.5.1749.0. The in‑house IInArchive handlers in NanaZip.Codecs dereference the caller‑supplied Indices array during Extract when Indices is NULL and NumItems is 0xFFFFFFFF, in the code path for a full archive extraction (Test or Extract al...
CVE-2026-42444
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...
CVE-2026-42444
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...
CVE-2026-42444 NanaZip: Unbounded resource consumption in NanaZip littlefs parser via attacker-controlled BlockCount
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...
CVE-2026-42444 NanaZip: Unbounded resource consumption in NanaZip littlefs parser via attacker-controlled BlockCount
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...
CVE-2026-42444
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...
EUVD-2026-29789
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...
CVE-2026-42444
NanaZip: Unbounded resource consumption DoS in the littlefs image parser. From 5.0.1252.0 to before 6.0.1698.0, the parser reads BlockCount from a crafted superblock without validation, then allocates per-iteration path entries. A 44-byte littlefs image with BlockCount = 0xFFFFFFFF causes ~4 bill...
PT-2026-40358
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlled superblock without any validation against the...
NanaZip 安全漏洞
NanaZip is a compression software open-source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1698.0 contained security vulnerabilities. These vulnerabilities stemmed from the Open method in the littlefs file system image resolver, which directly read the BlockCount value controlled by...
EUVD-2020-5844
Malware in sbrugna...
Unspecified vulnerability in Zephyr (CNVD-2021-95624)
Zephyr is an open source, small, scalable real-time operating system. Zephyr suffers from a security vulnerability that stems from the fact that when setup in conjunction with littlefs, MCUmgr can be used to extract all security-related information from the device. No details of the vulnerability...
CVE-2020-13599
Security problem with settings and littlefs. Zephyr versions = 1.14.2, = 2.3.0 contain Incorrect Default Permissions CWE-276. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q...
CVE-2020-13599
Security problem with settings and littlefs. Zephyr versions = 1.14.2, = 2.3.0 contain Incorrect Default Permissions CWE-276. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q...
Zephyr 安全漏洞
Zephyr is an open source, small, scalable real-time operating system. Zephyr suffers from a security vulnerability that stems from the fact that when setup in conjunction with littlefs, MCUmgr can be used to extract all security-related information from the device. No details of the vulnerability...
CVE-2020-13599 Security problem with settings and littlefs
Security problem with settings and littlefs. Zephyr versions = 1.14.2, = 2.3.0 contain Incorrect Default Permissions CWE-276. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-5qhg-j6wc-4f6q...
CVE-2020-13599
CVE-2020-13599 concerns a security problem with Zephyr’s settings handling when used with littlefs, where Zephyr versions >= 1.14.2 and >= 2.3.0 are affected by incorrect default permissions (CWE-276). The available connected sources corroborate the issue and link to the GHSA advisory GHSA-...