In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.
References
Link | Resource |
---|---|
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=66747 | Broken Link Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: krcert
Published: 2022-06-01T15:04:52
Updated: 2022-06-01T15:04:52
Reserved: 2021-02-03T00:00:00
Link: CVE-2021-26635
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-02T14:15:28.307
Modified: 2023-06-26T17:58:58.730
Link: CVE-2021-26635
JSON object: View
Redhat Information
No data.