Vulnerabilities > CVE-2021-26623 - Out-of-bounds Write vulnerability in Bandisoft Bandizip

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
bandisoft
CWE-787

Summary

A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.

Common Weakness Enumeration (CWE)