
Security Advisory

CVE-2021-26635 | Bandisoft ARK Library buffer overflow vulnerability
2022.05.30
□ Overview
 o Bandisoft International Inc. released a security update to address a buffer overflow vulnerability in the ark library.
Vulnerability
Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
Buffer Overflow | Remote code execution, privilege escalation | High | 7.8 | CVE-2021-26635

□ Description
 o The ark library code that verifies the file size uses an incorrect data type, which makes it possible to manipulate the offset read from the target file.
 o An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution,
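
The class of flaw described above, as an added example that is not Bandisoft's code. The advisory does not say which data type was misused, so this assumes a 32-bit offset field held in a signed integer; the header layout, sample bytes and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample header (not a real ark format): 32-bit little-endian
 * offset followed by a 32-bit little-endian length. */
static const unsigned char SAMPLE_HDR[8] = {
    0xF0, 0xFF, 0xFF, 0xFF,   /* offset = 0xFFFFFFF0 */
    0x40, 0x00, 0x00, 0x00    /* length = 64 */
};

/* Read a 32-bit little-endian value from a byte buffer. */
static uint32_t rd_le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed size check (assumed form of the bug): the fields are stored in
 * signed 32-bit integers, so 0xFFFFFFF0 is seen as -16 and the range
 * -16 + 64 = 48 appears to lie inside the file. */
int range_ok_signed(const unsigned char *hdr, int32_t file_size) {
    uint32_t uoff = rd_le32(hdr), ulen = rd_le32(hdr + 4);
    int32_t off, len;
    memcpy(&off, &uoff, sizeof off);   /* reinterpret the bits as signed */
    memcpy(&len, &ulen, sizeof len);
    return (int64_t)off + len <= file_size;
}

/* Corrected check: keep the fields unsigned, widen to 64 bits, and compare
 * in subtraction form so no addition can wrap around. */
int range_ok_checked(const unsigned char *hdr, uint64_t file_size) {
    uint64_t off = rd_le32(hdr), len = rd_le32(hdr + 4);
    if (off > file_size)
        return 0;                      /* offset starts past end of file */
    return len <= file_size - off;     /* range must end inside the file */
}

int main(void) {
    /* File size of 4096 bytes is a constructed value for the demo. */
    printf("signed check accepts:  %d\n", range_ok_signed(SAMPLE_HDR, 4096));
    printf("checked form accepts:  %d\n", range_ok_checked(SAMPLE_HDR, 4096));
    return 0;
}
```

A parser that trusts the first check would go on to use an offset far outside the file; the second form rejects the same header before any read or copy takes place.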

□ Affected Product
Affected Product
Product | Version | Platform
ark library | prior to 7.17 | Windows, Mac OS, Linux, etc.

□ Solution
 o Update the software to ark library version 7.23.0.2 or higher.

□ Reference
[1] https://kr.bandisoft.com/ark/

□ Acknowledgements
 o Thanks to Jeong Jaeyoung for reporting this vulnerability.
 

□ Written by: Incident Analysis Division, Vulnerability Analysis Team