Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/05/12 7:22 p.m.37 views

CVE-2026-42445 NanaZip: Uncontrolled recursion in NanaZip UFS directory traversal causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...

3.3CVSS0.00111EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:22 p.m.7 views

CVE-2026-42445

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-40361

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of th...

4.4CVSS5.8AI score0.00217EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.9 views

NanaZip 安全漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1638.0, as well as versions before 6.5.1638.0, have security vulnerabilities. These vulnerabilities stem from memory corruption in the UFS parser. Customized .ufs/.ufs2/.img files may trigger...

6.6CVSS5.9AI score0.00142EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.11 views

NanaZip 安全漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1630.0 contained security vulnerabilities. These vulnerabilities were caused by the NextOffset loop and deeply nested directories within the ROMFS archive parser, which could lead to infinite...

5.5CVSS5.8AI score0.00152EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.11 views

NanaZip 安全漏洞

NanaZip is a compression software open source by the M2-Team. Versions of NanaZip from 5.0.1252.0 to 6.0.1630.0 contained security vulnerabilities, which were caused by infinite loops in the ROMFS archive parser...

7.5CVSS5.8AI score0.00267EPSS
Exploits1References2
Rows per page
Query Builder