CVE-2021-26623 HIGH

CVE-2021-26623: Bandisoft ARK Library Out-of-bound Vulnerability

Vendor: Bandisoft International Inc.
Product: Bandizip
Weakness: CWE-125
Published: April 1, 2022
Last update: August 3, 2024

CVSS base score

7.8/10
Attack vector: Local
Attack complexity: Low
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A remote code execution vulnerability exists in the ark library due to an incomplete check of the parameter length value of the 'xheader_decode_path_record' function. Remote attackers can induce execution of malicious code using this function.

Key dates

02 Disclosure timeline

April 1, 2022: CVE published
August 3, 2024: Record updated