M2team

Nanazip

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2026-47222

  • EPSS 0.17%
  • Veröffentlicht 12.06.2026 17:16:24
  • Zuletzt bearbeitet 15.06.2026 20:59:13

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the upstream 7-Z...

4.3

CVE-2026-47224

  • EPSS 0.19%
  • Veröffentlicht 12.06.2026 17:16:24
  • Zuletzt bearbeitet 15.06.2026 20:59:13

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip (via the upstream 7-Zip LvmHan...

5.4

CVE-2026-47223

  • EPSS 0.18%
  • Veröffentlicht 12.06.2026 17:06:15
  • Zuletzt bearbeitet 15.06.2026 20:59:13

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the upstream 7-Z...

7.1

CVE-2026-44215

Exploit
  • EPSS 0.22%
  • Veröffentlicht 12.05.2026 19:23:43
  • Zuletzt bearbeitet 14.05.2026 15:48:22

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem ima...

5.5

CVE-2026-42445

  • EPSS 0.11%
  • Veröffentlicht 12.05.2026 19:22:59
  • Zuletzt bearbeitet 14.05.2026 15:54:37

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth l...

5.5

CVE-2026-42444

  • EPSS 0.11%
  • Veröffentlicht 12.05.2026 19:22:09
  • Zuletzt bearbeitet 18.05.2026 14:17:41

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method reads BlockCount directly from the attacker-controlle...

5.5

CVE-2026-42443

  • EPSS 0.11%
  • Veröffentlicht 12.05.2026 19:21:31
  • Zuletzt bearbeitet 18.05.2026 13:46:34

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock fi...

5.5

CVE-2026-42442

  • EPSS 0.11%
  • Veröffentlicht 12.05.2026 19:21:04
  • Zuletzt bearbeitet 18.05.2026 13:51:59

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the root inode (...

5.5

CVE-2026-42355

  • EPSS 0.11%
  • Veröffentlicht 12.05.2026 19:20:35
  • Zuletzt bearbeitet 18.05.2026 13:52:21

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .asar file with deeply nested JSON in the header, bo...

7.1

CVE-2026-42446

  • EPSS 0.12%
  • Veröffentlicht 12.05.2026 19:19:44
  • Zuletzt bearbeitet 14.05.2026 15:49:25

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted ZealFS v1 filesystem image. ...