NanaZip .NET Single-File Manifest Parser Out-of-Bounds Read (CVE-2026-27709)

Key Information Summary Vulnerability Overview Title: Out-of-Bounds Read in NanaZip .NET Single-File Manifest Parser via Unchecked RelativePathLength Reporter: MouriNaruto Public Identifier: GHSA-vr4w-xc78-w6fv Affected Versions Affected Versions: 5.0 Update 1 (5.0.1252.0) or later, 6.0 Update 1 (6.0.1638.0) or later, 6.5 Preview (6.5.1638.0) or later Fixed Version: No specific fixed version mentioned; however, updating to the latest version is recommended to mitigate potential risks. Vulnerability Details Description: An out-of-bounds read vulnerability exists in the .NET Single File Application parser during manifest parsing. An attacker can craft a malicious RelativePathLength, causing the parser to construct a std::string from memory beyond the HeaderBuffer boundary, ultimately leading to a crash or potential in-process memory leakage. Severity: Medium (CVSS Score 5.1/10) CVE Identifier: CVE-2026-27709 Weakness Type: CWE-125 (Out-of-bounds read) Technical Details Attack Vector: Local Reproduction Method: By crafting specific RelativePathLength values and using a carefully designed payload, the program can be induced to read heap memory data outside the HeaderBuffer. Impact: May result in program crashes or memory data leakage, depending on the specific environment and attack payload. Remediation Recommendations Mitigation: Upgrade to an unaffected version or apply patches provided by the manufacturer. Prevention: Implement strict boundary checks on input data to avoid unchecked relative path lengths. Additional Information Report Time: 1 hour ago Attribution: HO-9 provided the report for this vulnerability. Related Source Code Details: The logic related to RelativePathLength can be found in NanaZip.Codexs.Archive.DotNetSingleFile.cpp; the vulnerable code is located approximately between lines 472 and 504 of the file.

Goal Reached Thanks to every supporter — we hit 100%!

NanaZip .NET Single-File Manifest Parser Out-of-Bounds Read (CVE-2026-27709)

More from this source