Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NanaZip UFS Archive Parser Memory Corruption via Unvalidated Directory Record Length
Vulnerability Description
NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, a memory corruption vulnerability in NanaZip’s UFS parser allows a crafted `.ufs/.ufs2/.img` file to trigger out-of-bounds memory access during archive open/listing. The bug is reachable via normal user file-open flow and can cause process crash, hang, and potentially exploitable heap corruption. Versions 6.0.1638.0 and 6.5.1638.0 fix the issue.
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
NanaZip 安全漏洞
Vulnerability Description
NanaZip是M2-Team开源的一个压缩软件。 NanaZip 5.0.1252.0版本至6.0.1638.0之前版本和6.5.1638.0之前版本存在安全漏洞,该漏洞源于UFS解析器存在内存损坏漏洞,特制的.ufs/.ufs2/.img文件可能在打开或列出存档时触发越界内存访问,可能导致进程崩溃、挂起以及潜在的可利用堆损坏。
CVSS Information
N/A
Vulnerability Type
N/A