CVE-2021-26603

Опубликовано: 09 сент. 2021

Источник: nvd

CVSS3: 8.6

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.

Ссылки

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237
Third Party Advisory
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:bandisoft:ark_library:*:*:*:*:*:*:*:*

Версия до 7.13.0.3 (исключая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00213

Низкий

8.6 High

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-122

CWE-787

Связанные уязвимости

GHSA-xcf9-rf7p-r7f6

github

больше 3 лет назад

A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.

EPSS

Процентиль: 44%

0.00213

Низкий

8.6 High

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-122

CWE-787