| Título | happyfish100 libfastcommon V1.0.84 and earlier Heap-based Buffer Overflow |
|---|
| Descrição | A heap-based buffer overflow vulnerability was found in happyfish100 libfastcommon (affecting version V1.0.84 and prior). The issue occurs in the function base64_decode within the file src/base64.c. The vulnerability is triggered by calculating the length of the destination buffer incorrectly when processing malicious Base64 input with excessive padding or invalid characters. This leads to an out-of-bounds write of a null byte.
The issue was reported and discussed in GitHub Issue #55: https://github.com/happyfish100/libfastcommon/issues/55
The vulnerability has been fixed in the master branch via commit 82f66af: https://github.com/happyfish100/libfastcommon/commit/82f66af3e252e3e137dba0c3891570f085e79adf |
|---|
| Fonte | ⚠️ https://github.com/happyfish100/libfastcommon/issues/55 |
|---|
| Utilizador | liloler (UID 94450) |
|---|
| Submissão | 22/01/2026 03h20 (há 5 meses) |
|---|
| Moderação | 05/02/2026 20h35 (15 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 344598 [happyfish100 libfastcommon até 1.0.84 src/base64.c base64_decode Excesso de tampão] |
|---|
| Pontos | 20 |
|---|