CVE-2026-2016

Summary

A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 82f66af3e252e3e137dba0c3891570f085e79adf. Applying a patch is the recommended action to fix this issue.

Affected Software

VendorProductVersion RangeStatus
happyfish100libfastcommon1.0.0affected
happyfish100libfastcommon1.0.1affected
happyfish100libfastcommon1.0.2affected
happyfish100libfastcommon1.0.3affected
happyfish100libfastcommon1.0.4affected
happyfish100libfastcommon1.0.5affected
happyfish100libfastcommon1.0.6affected
happyfish100libfastcommon1.0.7affected
happyfish100libfastcommon1.0.8affected
happyfish100libfastcommon1.0.9affected
happyfish100libfastcommon1.0.10affected
happyfish100libfastcommon1.0.11affected
happyfish100libfastcommon1.0.12affected
happyfish100libfastcommon1.0.13affected
happyfish100libfastcommon1.0.14affected
happyfish100libfastcommon1.0.15affected
happyfish100libfastcommon1.0.16affected
happyfish100libfastcommon1.0.17affected
happyfish100libfastcommon1.0.18affected
happyfish100libfastcommon1.0.19affected
happyfish100libfastcommon1.0.20affected
happyfish100libfastcommon1.0.21affected
happyfish100libfastcommon1.0.22affected
happyfish100libfastcommon1.0.23affected
happyfish100libfastcommon1.0.24affected
happyfish100libfastcommon1.0.25affected
happyfish100libfastcommon1.0.26affected
happyfish100libfastcommon1.0.27affected
happyfish100libfastcommon1.0.28affected
happyfish100libfastcommon1.0.29affected
happyfish100libfastcommon1.0.30affected
happyfish100libfastcommon1.0.31affected
happyfish100libfastcommon1.0.32affected
happyfish100libfastcommon1.0.33affected
happyfish100libfastcommon1.0.34affected
happyfish100libfastcommon1.0.35affected
happyfish100libfastcommon1.0.36affected
happyfish100libfastcommon1.0.37affected
happyfish100libfastcommon1.0.38affected
happyfish100libfastcommon1.0.39affected
happyfish100libfastcommon1.0.40affected
happyfish100libfastcommon1.0.41affected
happyfish100libfastcommon1.0.42affected
happyfish100libfastcommon1.0.43affected
happyfish100libfastcommon1.0.44affected
happyfish100libfastcommon1.0.45affected
happyfish100libfastcommon1.0.46affected
happyfish100libfastcommon1.0.47affected
happyfish100libfastcommon1.0.48affected
happyfish100libfastcommon1.0.49affected
happyfish100libfastcommon1.0.50affected
happyfish100libfastcommon1.0.51affected
happyfish100libfastcommon1.0.52affected
happyfish100libfastcommon1.0.53affected
happyfish100libfastcommon1.0.54affected
happyfish100libfastcommon1.0.55affected
happyfish100libfastcommon1.0.56affected
happyfish100libfastcommon1.0.57affected
happyfish100libfastcommon1.0.58affected
happyfish100libfastcommon1.0.59affected
happyfish100libfastcommon1.0.60affected
happyfish100libfastcommon1.0.61affected
happyfish100libfastcommon1.0.62affected
happyfish100libfastcommon1.0.63affected
happyfish100libfastcommon1.0.64affected
happyfish100libfastcommon1.0.65affected
happyfish100libfastcommon1.0.66affected
happyfish100libfastcommon1.0.67affected
happyfish100libfastcommon1.0.68affected
happyfish100libfastcommon1.0.69affected
happyfish100libfastcommon1.0.70affected
happyfish100libfastcommon1.0.71affected
happyfish100libfastcommon1.0.72affected
happyfish100libfastcommon1.0.73affected
happyfish100libfastcommon1.0.74affected
happyfish100libfastcommon1.0.75affected
happyfish100libfastcommon1.0.76affected
happyfish100libfastcommon1.0.77affected
happyfish100libfastcommon1.0.78affected
happyfish100libfastcommon1.0.79affected
happyfish100libfastcommon1.0.80affected
happyfish100libfastcommon1.0.81affected
happyfish100libfastcommon1.0.82affected
happyfish100libfastcommon1.0.83affected
happyfish100libfastcommon1.0.84affected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References