Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bandisoft ARK Library Out-of-bound Vulnerability
Vulnerability Description
A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
跨界内存读
Vulnerability Title
Bandisoft ARK library缓冲区错误漏洞
Vulnerability Description
Bandisoft ARK library是韩国Bandisoft公司的一个解压Windows、macOS、Linux等各种OS环境中现有的ZIP、RAR、ALZ、EGG等大多数压缩格式的库,并创建ZIP/7Z格式的压缩文件。 Bandisoft ARK library存在安全漏洞,该漏洞源于“xheader_decode_path_record”函数的参数长度值检查不完整,导致远程代码执行漏洞。远程攻击者利用该漏洞攻击恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A