Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NanaZip .NET Single-File Manifest Parser Vulnerable to Out-of-Bounds Read via Unchecked RelativePathLength
Vulnerability Description
NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip’s `.NET Single File Application` parser has an out-of-bounds read vulnerability in manifest parsing. A crafted bundle can provide a malformed `RelativePathLength` so the parser constructs a `std::string` from memory beyond `HeaderBuffer`, leading to crash and potential in-process memory disclosure. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue.
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
NanaZip 安全漏洞
Vulnerability Description
NanaZip是M2-Team开源的一个压缩软件。 NanaZip 5.0.1252.0版本至6.0.1638.0之前版本和6.5.1638.0之前版本存在安全漏洞,该漏洞源于.NET Single File Application解析器在清单解析过程中存在越界读取漏洞,特制的捆绑包可能提供格式错误的RelativePathLength,导致解析器从HeaderBuffer之外的内存构造std::string,可能引发崩溃和进程内存泄露。
CVSS Information
N/A
Vulnerability Type
N/A