In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.
References
Link | Resource |
---|---|
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 | Broken Link Third Party Advisory |
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 | Broken Link Third Party Advisory |
Configurations
History
21 Nov 2024, 05:56
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 - Broken Link, Third Party Advisory |
26 Jun 2023, 17:58
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-843 | |
References | (MISC) https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 - Broken Link, Third Party Advisory |
09 Jun 2022, 16:45
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 7.8 |
CWE | CWE-787 | |
CPE | cpe:2.3:a:bandisoft:ark_library:*:*:*:*:*:*:*:* |
02 Jun 2022, 14:53
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-02 14:15
Updated : 2024-11-21 05:56
NVD link : CVE-2021-26635
Mitre link : CVE-2021-26635
CVE.ORG link : CVE-2021-26635
JSON object : View
Products Affected
bandisoft
- ark_library