Apr 01, 2022 - 10:17 p.m.

CVE-2021-26623 Bandisoft ARK Library Out-of-bound Vulnerability

2022-04-01 22:17:41
CWE-125
CWE-787
krcert
www.cve.org
cve-2021-26623
bandisoft ark
out-of-bound vulnerability
remote code execution

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.006
Percentile: 78.1%

A remote code execution vulnerability exists in the ark library because the length value of a parameter to the ‘xheader_decode_path_record’ function is not completely checked. Remote attackers can use this function to cause malicious code to be executed.

CNA Affected

[
  {
    "platforms": [
      "Windows"
    ],
    "product": "Bandizip",
    "vendor": "Bandisoft International Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.19",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
