Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bandisoft ARK Library buffer overflow vulnerability
Vulnerability Description
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
Bandisoft ARK library 缓冲区错误漏洞
Vulnerability Description
Bandisoft ARK library是韩国Bandisoft公司的一个解压Windows、macOS、Linux等各种OS环境中现有的ZIP、RAR、ALZ、EGG等大多数压缩格式的库,并创建ZIP/7Z格式的压缩文件。 Bandisoft ARK library 7.17之前的版本存在缓冲区错误漏洞,该漏洞源于在ark 库中校验文件大小的代码中数据类型使用错误,攻击者利用该漏洞可以执行远程代码。
CVSS Information
N/A
Vulnerability Type
N/A