CVE-2021-26635

In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.

Configurations

Configuration 1

cpe:2.3:a:bandisoft:ark_library:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:56

Type | Values Removed | Values Added
References | () https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 - Broken Link, Third Party Advisory | () https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 - Broken Link, Third Party Advisory

26 Jun 2023, 17:58

Type | Values Removed | Values Added
CWE | CWE-787 | CWE-843
References | (MISC) https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 - Third Party Advisory | (MISC) https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 - Broken Link, Third Party Advisory

09 Jun 2022, 16:45

Type | Values Removed | Values Added
References | (MISC) https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 - | (MISC) https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 - Third Party Advisory
CVSS | v2 : unknown, v3 : unknown | v2 : 6.8, v3 : 7.8
CWE | | CWE-787
CPE | | cpe:2.3:a:bandisoft:ark_library:*:*:*:*:*:*:*:*

02 Jun 2022, 14:53

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2022-06-02 14:15

Updated : 2024-11-21 05:56


NVD link : CVE-2021-26635

Mitre link : CVE-2021-26635

CVE.ORG link : CVE-2021-26635



Products Affected

bandisoft

  • ark_library

CWE

CWE-121

Stack-based Buffer Overflow

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')