CVE Catalog

CVE-2026-42482

Critical
Published: Translated: NVD NIST

Summary

A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in hashcat v7.1.2 allows for denial of service or arbitrary code execution via a crafted rule file or the -j or -k options with password candidates of 128 or more characters.

Risk Assessment

This vulnerability may lead to significant disruptions in system operation and allow attackers to execute malicious code, posing a threat to system integrity and availability.

Recommendation

It is recommended to update to the latest version of hashcat to mitigate this vulnerability and to review and restrict the use of rule files in the application.

Original NVD description (English source)

A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or more characters. The vulnerability is caused by a bounds check that fails to account for the 2x expansion that occurs when password bytes are converted to hexadecimal.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS