PatchSiren cyber security CVE debrief
CVE-2026-47223 M2Team CVE debrief
CVE-2026-47223 is a medium-severity vulnerability in NanaZip, a 7-Zip derivative for modern Windows experiences. A heap out-of-bounds read issue exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip (via the upstream 7-Zip AvbHandler). The vulnerability is caused by a 32-bit unsigned integer overflow in the bounds check, allowing an attacker-controlled salt_len field to bypass validation. This causes CByteBuffer::CopyFrom to memcpy up to ~4 GiB past the end of a 64. The affected versions are from 3.0.1000.0 to before 6.0.1698.0. The issue has been patched in stable version 6.0.1698.0 and preview version 6.5.1742.0.
- Vendor
- M2Team
- Product
- NanaZip
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-13
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-13
Who should care
Users of NanaZip versions 3.0.1000.0 to before 6.0.1698.0 should update to the patched versions to prevent potential exploitation.
Technical summary
The vulnerability exists in the Android Verified Boot (AVB) vbmeta image parser in NanaZip. A 32-bit unsigned integer overflow in the bounds check pos + ht.salt_len > descSize allows an attacker-controlled salt_len field to bypass validation. This causes CByteBuffer::CopyFrom to memcpy up to ~4 GiB past the end of a 64.
Defensive priority
Medium
Recommended defensive actions
- Update NanaZip to version 6.0.1698.0 or later
- Use a supported version of NanaZip
Evidence notes
The CVE-2026-47223 vulnerability has been patched in stable version 6.0.1698.0 and preview version 6.5.1742.0.
Official resources
-
CVE-2026-47223 CVE record
CVE.org
-
CVE-2026-47223 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-47223 was published on 2026-06-12T18:16:34.640Z and modified on 2026-06-13T04:17:32.413Z.