← Back

CVE-2026-44215

nvd nist
Published: May 12, 2026Modified: May 14, 2026

JSON object

Loading...
7.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Exploitability: 2.8 / Impact: 4.2
Source: NVD

Description

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS filesystem image. The attacker controls the byte offset of the write within a ~254-byte window past the heap allocation boundary. This vulnerability is fixed in 6.0.1698.0.

Affected (1)

Products: M2team: Nanazip
M2team
1 product
Nanazip
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Nanazip
From 5.0.1252.0 to 6.0.1698.0

Related CWEs

CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

Source: security-advisories@github.com
ExploitMitigationVendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitMitigationVendor Advisory

Timeline

No history available yet.