| Title | happyfish100 libfastcommon V1.0.84 and earlier Heap-based Buffer Overflow |
|---|
| Description | A heap-based buffer overflow vulnerability was found in happyfish100 libfastcommon (affecting version V1.0.84 and prior). The issue occurs in the function base64_decode within the file src/base64.c. The vulnerability is triggered by calculating the length of the destination buffer incorrectly when processing malicious Base64 input with excessive padding or invalid characters. This leads to an out-of-bounds write of a null byte.
The issue was reported and discussed in GitHub Issue #55: https://github.com/happyfish100/libfastcommon/issues/55
The vulnerability has been fixed in the master branch via commit 82f66af: https://github.com/happyfish100/libfastcommon/commit/82f66af3e252e3e137dba0c3891570f085e79adf |
|---|
| Source | ⚠️ https://github.com/happyfish100/libfastcommon/issues/55 |
|---|
| User | liloler (UID 94450) |
|---|
| Submission | 01/22/2026 03:20 (5 months ago) |
|---|
| Moderation | 02/05/2026 20:35 (15 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 344598 [happyfish100 libfastcommon up to 1.0.84 src/base64.c base64_decode stack-based overflow] |
|---|
| Points | 20 |
|---|