CVE-2021-26623: KISA 인터넷 보호나라&KrCERT
A remote code execution vulnerability caused by an incomplete check of the length value passed as a parameter to the 'xheader_decode_path_record' function in the ARK library. Remote attackers can exploit this function to execute malicious code.
Security Advisory
CVE-2021-26623 | Bandisoft ARK Library Out-of-bounds Vulnerability (2022.03.31)
□ Overview
o Bandisoft International Inc. released a security update to address a remote code execution vulnerability in Bandizip.
Vulnerability
Vulnerability Type : Out-of-Bounds Read/Write
Impact             : Remote code execution
Severity           : High
CVSS Score         : 7.8
CVE ID             : CVE-2021-26623
□ Description
o A remote code execution vulnerability caused by an incomplete check of the length value passed as a parameter to the 'xheader_decode_path_record' function in the ARK library.
o Remote attackers can exploit this function to execute malicious code.
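As an added illustration of the bug class named above (not the ARK library's own code, which this advisory does not include), the C below places a path-record decoder whose length check is incomplete beside one whose check is complete; the record layout, function names and buffer sizes are assumptions.

```c
/* Added example, not Bandisoft's ARK source: a constructed "xheader
 * path record" decoder with an incomplete length check beside a
 * complete one. Assumed layout: [u16 total_len][u16 path_len][path]. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define PATH_MAX_OUT 64

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Incomplete: path_len is checked against the output buffer only, never
 * against rec_len, so a header claiming more bytes than the record holds
 * drives memcpy past the input. Returns bytes copied, or -1 if rejected. */
int decode_path_record_incomplete(const uint8_t *rec, size_t rec_len, char *out)
{
    if (rec_len < 4) return -1;
    uint16_t path_len = rd16(rec + 2);
    if (path_len >= PATH_MAX_OUT) return -1;
    memcpy(out, rec + 4, path_len);
    out[path_len] = '\0';
    return path_len;
}

/* Complete: declared lengths must fit the bytes actually present, agree
 * with each other, and leave room in the destination for the NUL. */
int decode_path_record_checked(const uint8_t *rec, size_t rec_len, char *out)
{
    if (rec_len < 4) return -1;
    uint16_t total_len = rd16(rec), path_len = rd16(rec + 2);
    if (total_len > rec_len || (size_t)path_len + 4 > total_len) return -1;
    if (path_len >= PATH_MAX_OUT) return -1;
    memcpy(out, rec + 4, path_len);
    out[path_len] = '\0';
    return path_len;
}

/* Constructed inputs. truncated=1: a 64-byte backing array keeps the
 * demo in bounds, but only 6 bytes are handed over while the header
 * claims a 20-byte path (total_len 24). truncated=0: a well-formed
 * 9-byte record carrying "a.txt". */
int demo_decode(int hardened, int truncated)
{
    uint8_t backing[64] = { 24, 0, 20, 0 };
    const uint8_t valid[] = { 9, 0, 5, 0, 'a', '.', 't', 'x', 't' };
    const uint8_t *rec = truncated ? backing : valid;
    size_t len = truncated ? 6 : sizeof valid;
    char out[PATH_MAX_OUT];
    memset(backing + 4, 'A', sizeof backing - 4);
    return hardened ? decode_path_record_checked(rec, len, out)
                    : decode_path_record_incomplete(rec, len, out);
}
```

The incomplete decoder accepts the truncated record and copies 20 bytes it was never given, while the complete one rejects it and both accept the well-formed record.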
□ Affected Product
Product  : Bandizip
Version  : prior to 7.19
Platform : Windows
□ Solution
o Update Bandizip to version 7.20 or higher.
□ Reference
[1] https://kr.bandisoft.com/bandizip/
□ Etc
o Thanks to Jeong JaeYoung for reporting this vulnerability.
□ Author: Vulnerability Analysis Team, Incident Analysis Division