
Security Advisory

CVE-2021-26615 | Bandisoft ARK Library integer overflow vulnerability
2021.11.25
□ Overview
o Bandisoft Co., Ltd. released a security update to address an integer overflow vulnerability in the ARK library (decompression module).
Vulnerability
Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
integer overflow | remote code execution | High | 7.8 | CVE-2021-26615
 
□ Description
o The ARK library allows attackers to execute remote code via the parameter (path value) of the Ark_NormalizeAndDupPAthNameW function because of an integer overflow.
 
□ Affected Product
Affected Product
Product | Version | Platform
ARK library | 7.13.0.3 | Linux Ubuntu

□ Solution
o Update the software to version 7.16.0.1 or higher.

□ Reference
[1] https://kr.bandisoft.com/ark/
 
□ Acknowledgements
o Thanks to Jae Young Jeong for reporting this vulnerability.


□ Written by: Incident Analysis Division, Vulnerability Analysis Team