CVE Catalog

CVE-2026-42484

Critical
Published: Translated: NVD NIST

Summary

Version 7.1.2 of hashcat contains a heap-based buffer overflow vulnerability in the hex_to_binary function in the PKZIP hash parser. An attacker can exploit this flaw to cause a denial of service or potentially execute arbitrary code via a crafted PKZIP hash file.

Risk Assessment

This vulnerability could lead to significant availability issues and allow attackers to execute unauthorized code, posing a threat to system integrity.

Recommendation

It is recommended to update to the latest version of hashcat to mitigate this vulnerability and implement additional input validation mechanisms.

Original NVD description (English source)

A heap-based buffer overflow in hex_to_binary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash file. The issue affects modules 17200, 17210, 17220, 17225, and 17230. When data_type_enum<=1, attacker-controlled hex data from a user-supplied hash string is decoded into a fixed-size buffer without proper input-length validation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS