Low severity3.3NVD Advisory· Published May 12, 2026· Updated May 14, 2026
CVE-2026-42445
CVE-2026-42445
Description
NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths recurses into subdirectories without any depth limit or visited-inode tracking. A crafted UFS image with a deep directory tree or an inode cycle causes stack exhaustion, crashing the NanaZip process. This vulnerability is fixed in 6.0.1698.0.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- github.com/M2Team/NanaZip/security/advisories/GHSA-jpf5-j78p-cp3xnvdMitigationVendor Advisory
News mentions
0No linked articles in our index yet.