
Security Advisory

CVE-2021-26623 | Bandisoft ARK Library Out-of-bounds Vulnerability
2022.03.31
□ Overview
 o Bandisoft International Inc. released a security update to address a remote code execution vulnerability in Bandizip.
Vulnerability
Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
Out-of-Bounds Read/Write | Remote code execution | High | 7.8 | CVE-2021-26623

□ Description
 o A remote code execution vulnerability exists in the ark library because the check on the length parameter value of the 'xheader_decode_path_record' function is incomplete.
 o Remote attackers can use this function to induce the execution of malicious code.
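
The advisory does not include the affected code. As an added example (not Bandisoft's or the ark library's code), the following C function shows a complete length check for a decoder that copies a path record out of an untrusted archive header, covering both the read and the write side of the "Out-of-Bounds Read/Write" class. The function name decode_path_record, its parameters, the status codes and the sample header are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum decode_status {
    DECODE_OK = 0, DECODE_BAD_ARG, DECODE_TRUNCATED,
    DECODE_TOO_LONG, DECODE_EMBEDDED_NUL
};

/* Copy a path of `len` bytes found at offset `off` inside an untrusted
 * header `hdr` (hdr_len bytes) into `dst` (dst_cap bytes), NUL-terminated.
 * `off` and `len` come from the archive and must not be trusted. */
enum decode_status decode_path_record(const unsigned char *hdr, size_t hdr_len,
                                      size_t off, size_t len,
                                      char *dst, size_t dst_cap)
{
    if (hdr == NULL || dst == NULL || dst_cap == 0)
        return DECODE_BAD_ARG;
    /* Read side: written as a subtraction so off + len cannot wrap around. */
    if (off > hdr_len || len > hdr_len - off)
        return DECODE_TRUNCATED;
    /* Write side: one byte of dst is reserved for the terminator. */
    if (len >= dst_cap)
        return DECODE_TOO_LONG;
    /* A NUL inside the record would make later strlen() disagree with len. */
    if (memchr(hdr + off, '\0', len) != NULL)
        return DECODE_EMBEDDED_NUL;
    memcpy(dst, hdr + off, len);
    dst[len] = '\0';
    return DECODE_OK;
}

int main(void)
{
    /* Constructed sample header: 12 path bytes, no real archive involved. */
    const unsigned char hdr[] = "dir/file.txt";
    char out[32];

    /* Declared length matches the data: accepted. */
    printf("%d\n", decode_path_record(hdr, 12, 0, 12, out, sizeof out));
    /* Declared length runs past the header: rejected before any copy. */
    printf("%d\n", decode_path_record(hdr, 12, 4, 64, out, sizeof out));
    return 0;
}
```
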

□ Affected Product
Affected Product
Product | Version | Platform
Bandizip | prior of 7.19 | Windows

□ Solution
 o Update the software to Bandizip version 7.20 or higher.

□ Reference
 [1] https://kr.bandisoft.com/bandizip/

□ Etc
 o Thanks to Jeong JaeYoung for reporting this vulnerability.


□ Written by: Incident Analysis Division, Vulnerability Analysis Team