CVE-2026-42484

Name of the Vulnerable Software and Affected Versions hashcat version 7.1.2

Description A heap-based buffer overflow exists in the hex to binary function within the PKZIP hash parser. This occurs when data type enum is less than or equal to 1, allowing attacker-controlled hex data from a user-supplied hash string to be decoded into a fixed-size buffer without proper input-length validation. This issue affects modules 17200, 17210, 17220, 17225, and 17230, and could lead to a denial of service or arbitrary code execution via a crafted PKZIP hash file.

Recommendations As a temporary workaround, restrict the use of modules 17200, 17210, 17220, 17225, and 17230 until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.