CVE-2021-26623: Bandisoft ARK Library Out-of-bound Vulnerability
A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.
Affected Software
Event History
Frequently Asked Questions
What is CVE-2021-26623?
CVE-2021-26623 is a remote code execution vulnerability in the ark library due to an incomplete check for the 'xheader_decode_path_record' function's parameter length value.
What is the severity of CVE-2021-26623?
The severity of CVE-2021-26623 is critical with a CVSS score of 9.8.
Which software is affected by CVE-2021-26623?
Bandisoft Bandizip versions up to and excluding 7.19 are affected by CVE-2021-26623.
How can remote attackers exploit CVE-2021-26623?
Remote attackers can exploit CVE-2021-26623 by inducing exploit malicious code using the 'xheader_decode_path_record' function.
Is Microsoft Windows vulnerable to CVE-2021-26623?
No, Microsoft Windows is not vulnerable to CVE-2021-26623.
Is there a patch or fix available for CVE-2021-26623?
There is currently no information available regarding a patch or fix for CVE-2021-26623.
What are the Common Weakness Enumerations (CWEs) associated with CVE-2021-26623?
CVE-2021-26623 is associated with CWE-125 (Out-of-bounds Read) and CWE-787 (Out-of-bounds Write).
Where can I find more information about CVE-2021-26623?
You can find more information about CVE-2021-26623 at https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66595