Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-26635

In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.

Published

2022-06-02T14:15:28.307

Last Modified

2024-11-21T05:56:38.160

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-121
Type: Primary
CWE-843

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	bandisoft	ark_library	< 7.17	Yes

References

https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 Broken Link, Third Party Advisory ([email protected])
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)