Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-27709 is an out-of-bounds read vulnerability in NanaZip's .NET Single-File Application manifest parser. The issue occurs because the parser reads a field called RelativePathLength from untrusted input without properly verifying that the length is within the bounds of the allocated buffer (HeaderBuffer). This allows an attacker to craft a malicious archive with a malformed RelativePathLength value that causes the parser to read memory beyond the intended buffer."}, {'type': 'paragraph', 'content': 'This out-of-bounds read can lead to application crashes and potentially disclose in-process memory contents by interpreting adjacent heap memory as string data. The vulnerability affects NanaZip versions starting from 5.0.1252.0 up to but not including versions 6.0.1638.0 and 6.5.1638.0, where it has been fixed.'}] [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause NanaZip to crash when opening a specially crafted archive, resulting in a Denial of Service (DoS) condition.

Additionally, it may lead to unintended disclosure of in-process memory contents, which could expose sensitive information depending on the environment and what data resides in memory adjacent to the buffer.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability manifests when NanaZip processes a crafted .NET Single File Application bundle with a malformed RelativePathLength field, causing crashes or abnormal behavior during file open operations.

Detection can involve monitoring for application crashes or abnormal behavior when opening archives with NanaZip versions 5.0.1252.0 up to but not including 6.0.1638.0 and 6.5.1638.0.

Since the vulnerability is triggered by opening maliciously crafted files, you can detect attempts by scanning for usage of vulnerable NanaZip versions and monitoring logs for crashes or errors related to archive parsing.

There is no specific command-line detection tool or signature provided, but you can use system monitoring tools to watch for NanaZip crashes or unusual process terminations.

• Check NanaZip version installed: Use commands like `nanazip --version` or check the application properties to confirm if the version is vulnerable.
• Monitor system logs for NanaZip crashes or errors when opening archives.
• Use file integrity monitoring to detect unexpected or suspicious .NET Single File Application bundles being opened.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade NanaZip to a fixed version.

• Update NanaZip to version 6.0.1638.0, 6.5.1638.0, or later, where the vulnerability has been patched.
• Avoid opening untrusted or suspicious .NET Single File Application bundles with vulnerable versions of NanaZip.
• Implement application whitelisting or restrict usage of NanaZip to trusted users to reduce exposure.
• Monitor NanaZip usage and logs for crashes or abnormal behavior that could indicate exploitation attempts.

Useful 0 Not Useful 0