ByteOS Network

CVE Vulnerability Details :

CVE-2026-42443

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-12 May, 2026 | 19:21

Updated At-12 May, 2026 | 19:44

▼CVE Numbering Authority (CNA)

NanaZip: Integer divide-by-zero in NanaZip UFS inode offset calculation

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when opening a crafted UFS image where the superblock field fs_ipg (inodes per cylinder group) is set to zero. The parser uses this attacker-controlled value as a divisor without validation, causing an immediate hardware trap and process crash. This vulnerability is fixed in 6.0.1698.0.

Affected Products

Vendor

M2Team

Product

NanaZip

Versions

Affected

>= 5.0.1250.0, < 6.0.1698.0

Problem Types

Type	CWE ID	Description
CWE	CWE-369	CWE-369: Divide By Zero

Type: CWE

CWE ID: CWE-369

Description: CWE-369: Divide By Zero

Metrics

Version	Base score	Base severity	Vector
3.1	3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Version: 3.1

Base score: 3.3

Base severity: LOW

Vector:

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References

Hyperlink	Resource
https://github.com/M2Team/NanaZip/security/advisories/GHSA-3x2h-gqqw-g3gm	x_refsource_CONFIRM

Hyperlink: https://github.com/M2Team/NanaZip/security/advisories/GHSA-3x2h-gqqw-g3gm

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References