Source: hashcat X-Debbugs-CC: [email protected] Severity: normal Tags: security
Hi, The following vulnerabilities were published for hashcat. CVE-2026-42482[0]: | A stack-based buffer overflow in mangle_to_hex_lower() and | mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an | attacker to cause a denial of service or possibly execute arbitrary | code via a crafted rule file, or via the -j or -k rule options used | with password candidates of 128 or more characters. The | vulnerability is caused by a bounds check that fails to account for | the 2x expansion that occurs when password bytes are converted to | hexadecimal. CVE-2026-42483[1]: | A heap-based buffer overflow in the Kerberos hash parser in hashcat | v7.1.2 allows an attacker to cause a denial of service or possibly | execute arbitrary code via a crafted Kerberos hash file. The issue | affects module_hash_decode in multiple Kerberos-related modules | because account_info_len is calculated from untrusted delimiter | positions without upper-bound validation before memcpy copies the | data into a fixed-size account_info buffer. CVE-2026-42484[2]: | A heap-based buffer overflow in hex_to_binary in the PKZIP hash | parser in hashcat v7.1.2 allows an attacker to cause a denial of | service or possibly execute arbitrary code via a crafted PKZIP hash | file. The issue affects modules 17200, 17210, 17220, 17225, and | 17230. When data_type_enum<=1, attacker-controlled hex data from a | user-supplied hash string is decoded into a fixed-size buffer | without proper input-length validation. It's unclear whether this has been properly reported upstream: https://gist.github.com/sgInnora/107f2eb20367e47d58c911e38d56a91f If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-42482 https://www.cve.org/CVERecord?id=CVE-2026-42482 [1] https://security-tracker.debian.org/tracker/CVE-2026-42483 https://www.cve.org/CVERecord?id=CVE-2026-42483 [2] https://security-tracker.debian.org/tracker/CVE-2026-42484 https://www.cve.org/CVERecord?id=CVE-2026-42484 Please adjust the affected versions in the BTS as needed.
