NanaZip Uncontrolled Recursion Vulnerability in UFS Filesystem Image Parser Causes Denial-of-Service
Vulnerability
A denial-of-service vulnerability has been identified in NanaZip versions from 5.0.1250.0 and prior to 6.0.1698.0. The issue arises from uncontrolled recursion in the UFS/UFS2 filesystem image parser, specifically in the 'GetAllPaths' function. This function recursively traverses subdirectories without a depth limit or tracking of visited inodes. As a result, a specially crafted UFS image with a deep directory structure or an inode cycle can lead to stack exhaustion, causing the NanaZip process to crash.
Impact
Exploitation of this vulnerability leads to a stack overflow, causing a crash via a stack-guard page fault. This behavior is consistent in both the release and AddressSanitizer builds of NanaZip.
Reproduction
The vulnerability can be reproduced by using NanaZip to open a UFS image file that contains either a deep directory tree or an inode cycle. The 'GetAllPaths' function will recursively process the directories, leading to a stack overflow and crash.
Remediation
Users can upgrade to NanaZip version 6.0.1698.0 or later, where this vulnerability has been fixed.
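For maintainers of similar parsers, the following added example (not NanaZip's code and not its actual fix) shows a directory walk with the two guards the description says were missing: a depth limit and visited-inode tracking. `Image`, `DirEntry`, `CollectPaths` and `kMaxDepth` are hypothetical names, and the in-memory image is a constructed stand-in for parsed UFS directory data.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Constructed stand-in for parsed UFS directory data: directory inode -> entries.
struct DirEntry { std::string name; uint32_t inode; bool isDir; };
using Image = std::map<uint32_t, std::vector<DirEntry>>;

enum class WalkStatus { Ok, TooDeep, Revisited };
constexpr std::size_t kMaxDepth = 256;  // assumed cap, not a NanaZip value

// Iterative walk: a heap-allocated work list replaces call-stack recursion,
// so image-controlled nesting cannot exhaust the thread stack.
WalkStatus CollectPaths(const Image& img, uint32_t root,
                        std::vector<std::string>& out) {
    struct Frame { uint32_t inode; std::string path; std::size_t depth; };
    std::vector<Frame> work{Frame{root, "", 0}};
    std::set<uint32_t> visited{root};
    while (!work.empty()) {
        Frame f = std::move(work.back());
        work.pop_back();
        auto it = img.find(f.inode);
        if (it == img.end()) continue;  // dangling directory reference
        for (const DirEntry& e : it->second) {
            if (e.name == "." || e.name == "..") continue;
            std::string p = f.path + "/" + e.name;
            if (e.isDir) {
                if (f.depth + 1 > kMaxDepth) return WalkStatus::TooDeep;
                // Directory inode seen twice: cycle or illegal hard link.
                if (!visited.insert(e.inode).second) return WalkStatus::Revisited;
                work.push_back(Frame{e.inode, p, f.depth + 1});
            }
            out.push_back(std::move(p));
        }
    }
    return WalkStatus::Ok;
}

int main() {
    Image img;  // constructed: directory 3 lists its parent 2 as a child
    img[2].push_back(DirEntry{"a", 3, true});
    img[3].push_back(DirEntry{"loop", 2, true});
    std::vector<std::string> out;
    std::printf("status=%d\n", static_cast<int>(CollectPaths(img, 2, out)));
}
```

Returning a status instead of throwing or aborting lets the caller report the image as malformed and keep the process alive.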
