Описание
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.
Ссылки
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 7.17 (исключая)
cpe:2.3:a:bandisoft:ark_library:*:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.05086
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-121
CWE-843
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.
EPSS
Процентиль: 89%
0.05086
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-121
CWE-843