Impact
NanaZip parses ROMFS archives by following a NextOffset chain. In versions from 5.0.1252.0 up to but not including 6.0.1630.0, a circular NextOffset chain causes the parser to loop indefinitely, while deeply nested directory structures trigger unbounded recursion that overflows the stack. These conditions can exhaust CPU or memory resources or crash the application, resulting in a denial of service. The weakness corresponds to CWE‑674: Uncontrolled Recursion. The likely attack vector is the delivery of a malicious ROMFS archive to the parser, as described in the advisory.
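A bounded walk that rejects both conditions described above, as an added example; it is not NanaZip's code or its fix. It assumes the Linux romfs file-header layout, and `WalkChain`, `Sample`, `kMaxDepth` and the sample images are hypothetical names and constructed data.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>
// Assumed layout (Linux romfs file header, big-endian words): +0 next header
// offset with type flags in the low 4 bits, +4 spec.info (a dir's first entry).
using Bytes = std::vector<uint8_t>;
enum class Walk { Ok, OutOfBounds, Cycle, TooDeep };
constexpr int kMaxDepth = 64;  // assumed policy limit, not a NanaZip value

bool ReadBE32(const Bytes& img, size_t off, uint32_t& v) {
    if (off > img.size() || img.size() - off < 4) return false;
    v = uint32_t(img[off]) << 24 | img[off + 1] << 16 | img[off + 2] << 8 | img[off + 3];
    return true;
}

// Walks one sibling chain; `seen` holds visited headers so a revisit is a cycle.
Walk WalkChain(const Bytes& img, uint32_t off, int depth, std::set<uint32_t>& seen) {
    if (depth > kMaxDepth) return Walk::TooDeep;
    while (off != 0) {  // offset 0 ends a chain
        uint32_t next = 0, spec = 0;
        if (!ReadBE32(img, off, next) || !ReadBE32(img, size_t(off) + 4, spec))
            return Walk::OutOfBounds;
        if (!seen.insert(off).second) return Walk::Cycle;
        if ((next & 7) == 1 && spec != 0) {  // type 1 = directory
            Walk r = WalkChain(img, spec, depth + 1, seen);
            if (r != Walk::Ok) return r;
        }
        off = next & ~uint32_t(15);  // strip the flag bits
    }
    return Walk::Ok;
}

// Constructed sample: n headers at offsets 16, 32, ...; each links to the
// following one (dirs via spec.info, others via next), the last one to `tail`.
Bytes Sample(uint32_t n, uint32_t type, uint32_t tail) {
    Bytes img(16 * (n + 1), 0);
    for (uint32_t i = 1; i <= n; ++i) {
        uint32_t link = (i < n) ? 16 * (i + 1) : tail;
        uint32_t w[2] = {type == 1 ? 1u : (link | type), type == 1 ? link : 0u};
        for (int b = 0; b < 8; ++b)
            img[16 * i + b] = uint8_t(w[b / 4] >> (24 - 8 * (b % 4)));
    }
    return img;
}

int main() {  // constructed circular chain of 4 file headers
    std::set<uint32_t> seen;
    std::printf("%d\n", int(WalkChain(Sample(4, 2, 16), 16, 0, seen)));  // 2 = Cycle
}
```

The visited set bounds total work by the number of distinct header offsets in the image, so a crafted archive is rejected instead of consuming CPU or stack.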
Affected Systems
The affected product is NanaZip from M2Team. All releases with a version number of 5.0.1252.0 or newer but older than 6.0.1630.0 contain the flaw. Deployments that incorporate these versions—whether embedded in other software, used in personal or enterprise tools, or shipped with devices—are susceptible if they parse untrusted ROMFS archives.
Risk and Exploitability
The CVSS score of 5.1 places this vulnerability in the medium severity range. The EPSS score is below 1 percent, indicating a very low probability of exploitation. It is not listed in CISA’s KEV catalog. The flaw appears exploitable by parsing a crafted ROMFS archive, either supplied locally or remotely depending on how NanaZip is integrated. Because the exploit relies on pathological archive structures, attackers can trigger the infinite loop or stack overflow without the need for additional privileges, potentially crashing the application or exhausting system resources.