← Volver a CVEs
CVE-2026-27014
MEDIUM5.5
Descripcion
NanaZip is an open source file archive Starting in version 5.0.1252.0 and prior to version 6.0.1630.0, circular `NextOffset` chains cause an infinite loop, and deeply nested directories cause unbounded recursion (stack overflow) in the ROMFS archive parser. Version 6.0.1630.0 patches the issue.
Detalles CVE
Puntuacion CVSS v3.15.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado2/19/2026
Ultima modificacion2/20/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
m2team:nanazip
Debilidades (CWE)
CWE-674
Referencias
https://github.com/M2Team/NanaZip/security/advisories/GHSA-fc89-3f57-h9q5(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.