CVE-2026-27710
Integer Underflow in NanaZip .NET Parser Causes DoS
Publication date: 2026-02-26
Last updated on: 2026-02-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| m2team | nanazip | From 5.0.1252.0 (inc) to 6.0.1638.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-191 | The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-27710 is a denial-of-service (DoS) vulnerability in NanaZip's .NET Single-File Application parser caused by an integer underflow during header-size calculation."}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the parser reads a signed integer value called BundleHeaderOffset from untrusted input without properly validating that it is within the valid range. If this value is negative or larger than the bundle size, subtracting it from the bundle size causes an integer underflow, resulting in a very large unsigned value.'}, {'type': 'paragraph', 'content': 'This incorrect size leads NanaZip to attempt to allocate an excessively large amount of memory, which can cause the program to crash or exhaust system memory when opening a crafted file.'}, {'type': 'paragraph', 'content': 'The attack requires only local access and low privileges, and is triggered by opening a specially crafted single-file-like binary in NanaZip.'}] [1]
How can this vulnerability impact me? :
This vulnerability can impact you by causing NanaZip to crash or become unstable due to excessive memory allocation attempts.
The main impact is a loss of availability, as the program may run out of memory or terminate unexpectedly when processing a maliciously crafted archive.
There are no confidentiality or integrity impacts reported for this vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by identifying attempts to open crafted .coreclrapphost or single-file-like binaries in NanaZip that trigger abnormal memory allocation or crashes.
A proof-of-concept Python script exists that creates a malicious file with a BundleHeaderOffset larger than the file size, which can be used to test if NanaZip is vulnerable.
Detection on the system can involve monitoring NanaZip process crashes or out-of-memory conditions when opening suspicious archive files.
Since the attack vector is local and triggered by opening a crafted file, commands to detect this vulnerability would focus on verifying the NanaZip version installed and scanning for suspicious files.
- Check NanaZip version installed: For example, run NanaZip with a version flag or check installed package versions.
- Monitor NanaZip process crashes or memory usage spikes when opening archives.
- Use the provided proof-of-concept Python script (from Resource 1) to create a test file and attempt to open it with NanaZip to confirm vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade NanaZip to a fixed version.
- Update NanaZip to version 6.0.1638.0 or later, or 6.5.1638.0 or later, where the vulnerability is patched.
- Avoid opening untrusted or suspicious .coreclrapphost or single-file-like binaries with NanaZip until the update is applied.
- Monitor NanaZip for crashes or abnormal memory usage as a temporary detection measure.