NanaZip CVE-2026-27710 Integer Underflow DoS Vulnerability with PoC

Critical Vulnerability Information Vulnerability Title: NanaZip .NET Single-File Parser Integer Underflow Leads to Unbound Allocation (DoS) Severity: Moderate (5.1/10) CVE ID: CVE-2026-27710 Related CWE: CWE-191 Affected Versions: NanaZip 5.0 Update 1 (5.0.1252.0) and later 6.0 Update 1 (6.0.1638.0) and earlier 6.5 Preview (6.5.1638.0) and earlier Fixed Versions: 6.0 Update 1 (6.0.1638.0) and later 6.5 Preview (6.5.1638.0) and later Vulnerability Description Summary: A denial-of-service vulnerability exists in the .NET single-file application parser of NanaZip: an attacker can force an integer underflow via a specially crafted archive, triggering an unbounded memory allocation attempt that causes the process to crash when opening the archive. Details: In the file, NanaZip reads a signed without validating whether it falls within the range. This allows scenarios where exceeds or is negative, causing an underflow during arithmetic. The result is an excessively large memory allocation request, leading to application instability or crash. Exploitability: Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Passive Impact: Confidentiality: None Integrity: None Availability: High Proof of Concept (PoC) Python3 Code Example: Reproduction Steps: 1. Run the script using to generate the test file. 2. Open the generated file in NanaZip. 3. Observe abnormal memory allocation attempts, failure to open, or crash/memory exhaustion behavior. Impact Type: Uncontrolled allocation size due to integer underflow. Primary Impact: Denial of Service (process crash / memory exhaustion). Affected Users: Any NanaZip user who opens attacker-supplied or similar single-file binary files.

Goal Reached Thanks to every supporter — we hit 100%!

NanaZip CVE-2026-27710 Integer Underflow DoS Vulnerability with PoC

More from this source