CVE-2026-2016
4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Summary
A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 82f66af3e252e3e137dba0c3891570f085e79adf. Applying a patch is the recommended action to fix this issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| happyfish100 | libfastcommon | 1.0.0 | affected |
| happyfish100 | libfastcommon | 1.0.1 | affected |
| happyfish100 | libfastcommon | 1.0.2 | affected |
| happyfish100 | libfastcommon | 1.0.3 | affected |
| happyfish100 | libfastcommon | 1.0.4 | affected |
| happyfish100 | libfastcommon | 1.0.5 | affected |
| happyfish100 | libfastcommon | 1.0.6 | affected |
| happyfish100 | libfastcommon | 1.0.7 | affected |
| happyfish100 | libfastcommon | 1.0.8 | affected |
| happyfish100 | libfastcommon | 1.0.9 | affected |
| happyfish100 | libfastcommon | 1.0.10 | affected |
| happyfish100 | libfastcommon | 1.0.11 | affected |
| happyfish100 | libfastcommon | 1.0.12 | affected |
| happyfish100 | libfastcommon | 1.0.13 | affected |
| happyfish100 | libfastcommon | 1.0.14 | affected |
| happyfish100 | libfastcommon | 1.0.15 | affected |
| happyfish100 | libfastcommon | 1.0.16 | affected |
| happyfish100 | libfastcommon | 1.0.17 | affected |
| happyfish100 | libfastcommon | 1.0.18 | affected |
| happyfish100 | libfastcommon | 1.0.19 | affected |
| happyfish100 | libfastcommon | 1.0.20 | affected |
| happyfish100 | libfastcommon | 1.0.21 | affected |
| happyfish100 | libfastcommon | 1.0.22 | affected |
| happyfish100 | libfastcommon | 1.0.23 | affected |
| happyfish100 | libfastcommon | 1.0.24 | affected |
| happyfish100 | libfastcommon | 1.0.25 | affected |
| happyfish100 | libfastcommon | 1.0.26 | affected |
| happyfish100 | libfastcommon | 1.0.27 | affected |
| happyfish100 | libfastcommon | 1.0.28 | affected |
| happyfish100 | libfastcommon | 1.0.29 | affected |
| happyfish100 | libfastcommon | 1.0.30 | affected |
| happyfish100 | libfastcommon | 1.0.31 | affected |
| happyfish100 | libfastcommon | 1.0.32 | affected |
| happyfish100 | libfastcommon | 1.0.33 | affected |
| happyfish100 | libfastcommon | 1.0.34 | affected |
| happyfish100 | libfastcommon | 1.0.35 | affected |
| happyfish100 | libfastcommon | 1.0.36 | affected |
| happyfish100 | libfastcommon | 1.0.37 | affected |
| happyfish100 | libfastcommon | 1.0.38 | affected |
| happyfish100 | libfastcommon | 1.0.39 | affected |
| happyfish100 | libfastcommon | 1.0.40 | affected |
| happyfish100 | libfastcommon | 1.0.41 | affected |
| happyfish100 | libfastcommon | 1.0.42 | affected |
| happyfish100 | libfastcommon | 1.0.43 | affected |
| happyfish100 | libfastcommon | 1.0.44 | affected |
| happyfish100 | libfastcommon | 1.0.45 | affected |
| happyfish100 | libfastcommon | 1.0.46 | affected |
| happyfish100 | libfastcommon | 1.0.47 | affected |
| happyfish100 | libfastcommon | 1.0.48 | affected |
| happyfish100 | libfastcommon | 1.0.49 | affected |
| happyfish100 | libfastcommon | 1.0.50 | affected |
| happyfish100 | libfastcommon | 1.0.51 | affected |
| happyfish100 | libfastcommon | 1.0.52 | affected |
| happyfish100 | libfastcommon | 1.0.53 | affected |
| happyfish100 | libfastcommon | 1.0.54 | affected |
| happyfish100 | libfastcommon | 1.0.55 | affected |
| happyfish100 | libfastcommon | 1.0.56 | affected |
| happyfish100 | libfastcommon | 1.0.57 | affected |
| happyfish100 | libfastcommon | 1.0.58 | affected |
| happyfish100 | libfastcommon | 1.0.59 | affected |
| happyfish100 | libfastcommon | 1.0.60 | affected |
| happyfish100 | libfastcommon | 1.0.61 | affected |
| happyfish100 | libfastcommon | 1.0.62 | affected |
| happyfish100 | libfastcommon | 1.0.63 | affected |
| happyfish100 | libfastcommon | 1.0.64 | affected |
| happyfish100 | libfastcommon | 1.0.65 | affected |
| happyfish100 | libfastcommon | 1.0.66 | affected |
| happyfish100 | libfastcommon | 1.0.67 | affected |
| happyfish100 | libfastcommon | 1.0.68 | affected |
| happyfish100 | libfastcommon | 1.0.69 | affected |
| happyfish100 | libfastcommon | 1.0.70 | affected |
| happyfish100 | libfastcommon | 1.0.71 | affected |
| happyfish100 | libfastcommon | 1.0.72 | affected |
| happyfish100 | libfastcommon | 1.0.73 | affected |
| happyfish100 | libfastcommon | 1.0.74 | affected |
| happyfish100 | libfastcommon | 1.0.75 | affected |
| happyfish100 | libfastcommon | 1.0.76 | affected |
| happyfish100 | libfastcommon | 1.0.77 | affected |
| happyfish100 | libfastcommon | 1.0.78 | affected |
| happyfish100 | libfastcommon | 1.0.79 | affected |
| happyfish100 | libfastcommon | 1.0.80 | affected |
| happyfish100 | libfastcommon | 1.0.81 | affected |
| happyfish100 | libfastcommon | 1.0.82 | affected |
| happyfish100 | libfastcommon | 1.0.83 | affected |
| happyfish100 | libfastcommon | 1.0.84 | affected |
Weaknesses
- CWE-121: Stack-based Buffer Overflow
- CWE-119: Memory Corruption
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://vuldb.com/?id.344598
- https://vuldb.com/?ctiid.344598
- https://vuldb.com/?submit.743873
- https://github.com/happyfish100/libfastcommon/issues/55
- https://github.com/happyfish100/libfastcommon/issues/55#issuecomment-3776757848
- https://github.com/happyfish100/libfastcommon/issues/55#issue-3836362577
- https://github.com/happyfish100/libfastcommon/commit/82f66af3e252e3e137dba0c3891570f085e79adf
- https://github.com/happyfish100/libfastcommon/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.