CVE-2021-26635: Bandisoft ARK Library buffer overflow vulnerability
First published: Wed Jun 01 2022(Updated: )
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.
Credit: vuln@krcert.or.kr
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Bandisoft ARK Library | <7.17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-26635?
CVE-2021-26635 is a vulnerability in the ark library that allows an attacker to manipulate the offset read from the target file, leading to a stack buffer overflow and potential remote code execution.
What is the severity of CVE-2021-26635?
The severity of CVE-2021-26635 is high, with a CVSS score of 7.8.
Which software is affected by CVE-2021-26635?
The Bandisoft Ark Library versions up to exclusive 7.17 are affected by CVE-2021-26635.
How can an attacker exploit CVE-2021-26635?
An attacker can exploit CVE-2021-26635 by manipulating the offset read from the target file, causing a stack buffer overflow and potentially executing remote code.
Is there a fix for CVE-2021-26635?
At the moment, there is no known fix for CVE-2021-26635. It is recommended to follow the vendor's security advisories for any updates or patches.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/bandisoft
- canonical/bandisoft ark library