CVE-2021-26603

A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:bandisoft:ark_library:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:56

Type Values Removed Values Added
CVSS v2 : 6.8
v3 : 7.8
v2 : 6.8
v3 : 8.6
References () https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237 - Third Party Advisory () https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237 - Third Party Advisory

22 Sep 2021, 13:19

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 6.8
v3 : 7.8
CWE CWE-787
References (MISC) https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237 - (MISC) https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237 - Third Party Advisory
CPE cpe:2.3:a:bandisoft:ark_library:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

09 Sep 2021, 12:51

Type Values Removed Values Added
New CVE

Information

Published : 2021-09-09 12:15

Updated : 2024-11-21 05:56


NVD link : CVE-2021-26603

Mitre link : CVE-2021-26603

CVE.ORG link : CVE-2021-26603


JSON object : View

Products Affected

bandisoft

  • ark_library

microsoft

  • windows
CWE
CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write