Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-27711 is a moderate severity memory corruption vulnerability in NanaZip's UFS archive parser affecting versions 5.0.1252.0 and prior to 6.0.1638.0 and 6.5.1638.0. It arises from improper validation of directory record lengths in UFS (.ufs/.ufs2/.img) archive files."}, {'type': 'paragraph', 'content': 'Specifically, the parser reads directory entry fields from untrusted data without verifying that the record fits within the remaining buffer, and it does not check that the directory record length is non-zero or within sane bounds before advancing pointers. This allows crafted archive files to trigger out-of-bounds memory access during archive opening or listing.'}, {'type': 'paragraph', 'content': 'This out-of-bounds access can cause heap corruption, process crashes, or hangs. The vulnerability is reachable through normal user file-open operations in NanaZip.'}] [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to out-of-bounds memory access and heap corruption when opening or listing maliciously crafted UFS archive files in NanaZip.

The immediate impact includes potential denial of service through application crashes or hangs.

Depending on the memory allocator and runtime protections in place, the heap corruption might be exploitable, potentially allowing an attacker to execute arbitrary code or cause further harm.

However, there is no impact on confidentiality or integrity of data, but availability of the application is significantly affected.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by identifying if NanaZip versions 5.0.1252.0 and prior to 6.0.1638.0 or 6.5.1638.0 are installed and if they are used to open or list UFS archive files (.ufs, .ufs2, .img).

A practical detection method involves attempting to open or list suspicious or untrusted UFS archive files with the vulnerable NanaZip versions and observing if the application crashes, hangs, or exhibits abnormal behavior.

Additionally, a proof-of-concept Python script exists that generates malformed UFS files with invalid directory record lengths to trigger the vulnerability, which can be used to test if the system is vulnerable.

No specific network commands are applicable since the attack vector is local and requires user interaction to open crafted files.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade NanaZip to a fixed version, specifically version 6.0.1638.0 or later, or version 6.5.1638.0 or later, where this vulnerability has been patched.

Until the upgrade is applied, avoid opening or listing untrusted or suspicious UFS archive files (.ufs, .ufs2, .img) with vulnerable versions of NanaZip to prevent triggering the memory corruption.

Implement user awareness to not open unknown or unverified archive files that could exploit this vulnerability.

Useful 0 Not Useful 0