PT-2026-40361 · Nanazip · Nanazip
Jarlob · Published 2026-05-12 · Updated 2026-05-12
CVE-2026-44215
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions
NanaZip versions 5.0.1252.0 through 6.0.1697.0
Description
A one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser. It is triggered when opening a specially crafted UFS filesystem image, and the attacker controls the byte offset of the write within an approximately 254-byte window beyond the heap allocation boundary.
Recommendations
Update to version 6.0.1698.0.
Memory Corruption
Affected Products
Nanazip