PT-2026-22045 · Nanazip · Nanazip

Ho-9

Publicado

2026-02-25

Atualizado

2026-02-26

CVE-2026-27711

CVSS v3.1

6.6

Média

Vetor

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions NanaZip versions 5.0.1252.0 through 6.0.1637.0 NanaZip versions 6.5.1637.0

Description NanaZip, an open source file archive, contains a memory corruption issue in its UFS parser. A specially crafted .ufs, .ufs2, or .img file can cause out-of-bounds memory access when the archive is opened or listed. This flaw is reachable through normal user file-open operations and may lead to process crashes, hangs, and potentially exploitable heap corruption.

Recommendations Update to NanaZip version 6.0.1638.0 or later. Update to NanaZip version 6.5.1638.0 or later.

Exploit

Correção

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

CVE-2026-27711

GHSA-RJWV-4W7X-HC9C

Produtos afetados

Nanazip

PT-2026-22045 · Nanazip · Nanazip

CVE-2026-27711

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6