CVE-2026-42484

Hashcat · Hashcat

A heap-based buffer overflow in the PKZIP hash parser of Hashcat v7.1.2 allows attackers to cause a denial of service or execute arbitrary code via a crafted hash file.

Executive summary

A critical heap-based buffer overflow in the PKZIP hash parser of Hashcat v7.1.2 could allow attackers to achieve remote code execution.

Vulnerability

This vulnerability affects multiple PKZIP-related modules where user-supplied hex data is decoded into a fixed-size buffer without sufficient length validation. This permits an attacker to overflow the buffer during the hex_to_binary process.
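The missing check, shown as an added illustration that is not Hashcat's source code: a hex decoder that validates the field length against the destination capacity before writing anything. The names `DATA_CAP`, `hex_decode_bounded` and `decode_field` are hypothetical, and the 16-byte capacity is a constructed value chosen for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DATA_CAP 16 /* demo capacity (assumption), not Hashcat's real buffer size */

/* Value of one hex digit, or -1 if the character is not hex. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Decode hex_len characters into out (out_cap bytes). Returns bytes written,
 * or -1 on rejection; out is untouched unless the whole field validates. */
static long hex_decode_bounded(const char *hex, size_t hex_len,
                               uint8_t *out, size_t out_cap)
{
    if (hex_len % 2 != 0) return -1;      /* odd length: malformed field */
    if (hex_len / 2 > out_cap) return -1; /* length check against the fixed buffer */
    for (size_t i = 0; i < hex_len; i++)
        if (hex_nibble(hex[i]) < 0) return -1;
    for (size_t i = 0; i < hex_len / 2; i++)
        out[i] = (uint8_t)((hex_nibble(hex[2 * i]) << 4) | hex_nibble(hex[2 * i + 1]));
    return (long)(hex_len / 2);
}

/* Decode one '*'-terminated hex field of a hash line (hypothetical helper). */
static long decode_field(const char *field, uint8_t *out, size_t out_cap)
{
    const char *end = strchr(field, '*');
    size_t len = end ? (size_t)(end - field) : strlen(field);
    return hex_decode_bounded(field, len, out, out_cap);
}

int main(void)
{
    uint8_t buf[DATA_CAP];
    /* Constructed inputs: a 4-byte field that fits and a 17-byte field that does not. */
    printf("fits: %ld\n", decode_field("eda7a8de*rest", buf, sizeof buf));
    printf("oversized: %ld\n",
           decode_field("00112233445566778899aabbccddeeff00*rest", buf, sizeof buf));
    return 0;
}
```

Validating the whole field before the first write means a rejected input leaves the destination buffer unchanged, so the caller can fail the parse cleanly.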

Business impact

The CVSS score of 9.8 reflects the high risk of this vulnerability. Successful exploitation could lead to total system compromise, turning the machine used for password auditing into a foothold for further lateral movement within a secure network.

Remediation

Immediate Action: Update to the latest version of Hashcat to address the missing input length validation.

Proactive Monitoring: Monitor the Hashcat execution environment for unauthorized file access or unexpected process termination following the ingestion of PKZIP hash files.

Compensating Controls: Implement input validation at the pipeline level to ensure that hash files conform to expected length constraints before being ingested by Hashcat.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Organizations should treat this vulnerability as high priority and update their Hashcat installations immediately. Ensuring all software is at the latest patch level is essential to defending against heap-based memory corruption exploits.