{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2016", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-05T19:35:28.683Z", "datePublished": "2026-02-06T11:02:08.107Z", "dateUpdated": "2026-02-23T09:24:15.968Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:24:15.968Z"}, "title": "happyfish100 libfastcommon base64.c base64_decode stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "happyfish100", "product": "libfastcommon", "versions": [{"version": "1.0.0", "status": "affected"}, {"version": "1.0.1", "status": "affected"}, {"version": "1.0.2", "status": "affected"}, {"version": "1.0.3", "status": "affected"}, {"version": "1.0.4", "status": "affected"}, {"version": "1.0.5", "status": "affected"}, {"version": "1.0.6", "status": "affected"}, {"version": "1.0.7", "status": "affected"}, {"version": "1.0.8", "status": "affected"}, {"version": "1.0.9", "status": "affected"}, {"version": "1.0.10", "status": "affected"}, {"version": "1.0.11", "status": "affected"}, {"version": "1.0.12", "status": "affected"}, {"version": "1.0.13", "status": "affected"}, {"version": "1.0.14", "status": "affected"}, {"version": "1.0.15", "status": "affected"}, {"version": "1.0.16", "status": "affected"}, {"version": "1.0.17", "status": "affected"}, {"version": "1.0.18", "status": "affected"}, {"version": "1.0.19", "status": "affected"}, {"version": "1.0.20", "status": "affected"}, {"version": "1.0.21", "status": "affected"}, {"version": "1.0.22", "status": "affected"}, {"version": "1.0.23", "status": "affected"}, {"version": "1.0.24", "status": "affected"}, {"version": "1.0.25", "status": "affected"}, {"version": "1.0.26", "status": "affected"}, {"version": "1.0.27", "status": "affected"}, {"version": "1.0.28", "status": "affected"}, {"version": "1.0.29", "status": "affected"}, {"version": "1.0.30", "status": "affected"}, {"version": "1.0.31", "status": "affected"}, {"version": "1.0.32", "status": "affected"}, {"version": "1.0.33", "status": "affected"}, {"version": "1.0.34", "status": "affected"}, {"version": "1.0.35", "status": "affected"}, {"version": "1.0.36", "status": "affected"}, {"version": "1.0.37", "status": "affected"}, {"version": "1.0.38", "status": "affected"}, {"version": "1.0.39", "status": "affected"}, {"version": "1.0.40", "status": "affected"}, {"version": "1.0.41", "status": "affected"}, {"version": "1.0.42", "status": "affected"}, {"version": "1.0.43", "status": "affected"}, {"version": "1.0.44", "status": "affected"}, {"version": "1.0.45", "status": "affected"}, {"version": "1.0.46", "status": "affected"}, {"version": "1.0.47", "status": "affected"}, {"version": "1.0.48", "status": "affected"}, {"version": "1.0.49", "status": "affected"}, {"version": "1.0.50", "status": "affected"}, {"version": "1.0.51", "status": "affected"}, {"version": "1.0.52", "status": "affected"}, {"version": "1.0.53", "status": "affected"}, {"version": "1.0.54", "status": "affected"}, {"version": "1.0.55", "status": "affected"}, {"version": "1.0.56", "status": "affected"}, {"version": "1.0.57", "status": "affected"}, {"version": "1.0.58", "status": "affected"}, {"version": "1.0.59", "status": "affected"}, {"version": "1.0.60", "status": "affected"}, {"version": "1.0.61", "status": "affected"}, {"version": "1.0.62", "status": "affected"}, {"version": "1.0.63", "status": "affected"}, {"version": "1.0.64", "status": "affected"}, {"version": "1.0.65", "status": "affected"}, {"version": "1.0.66", "status": "affected"}, {"version": "1.0.67", "status": "affected"}, {"version": "1.0.68", "status": "affected"}, {"version": "1.0.69", "status": "affected"}, {"version": "1.0.70", "status": "affected"}, {"version": "1.0.71", "status": "affected"}, {"version": "1.0.72", "status": "affected"}, {"version": "1.0.73", "status": "affected"}, {"version": "1.0.74", "status": "affected"}, {"version": "1.0.75", "status": "affected"}, {"version": "1.0.76", "status": "affected"}, {"version": "1.0.77", "status": "affected"}, {"version": "1.0.78", "status": "affected"}, {"version": "1.0.79", "status": "affected"}, {"version": "1.0.80", "status": "affected"}, {"version": "1.0.81", "status": "affected"}, {"version": "1.0.82", "status": "affected"}, {"version": "1.0.83", "status": "affected"}, {"version": "1.0.84", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 82f66af3e252e3e137dba0c3891570f085e79adf. Applying a patch is the recommended action to fix this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-05T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-05T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-18T01:03:36.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "liloler (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.344598", "name": "VDB-344598 | happyfish100 libfastcommon base64.c base64_decode stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344598", "name": "VDB-344598 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.743873", "name": "Submit #743873 | happyfish100 libfastcommon V1.0.84 and earlier Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/happyfish100/libfastcommon/issues/55", "tags": ["issue-tracking"]}, {"url": "https://github.com/happyfish100/libfastcommon/issues/55#issuecomment-3776757848", "tags": ["issue-tracking"]}, {"url": "https://github.com/happyfish100/libfastcommon/issues/55#issue-3836362577", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/happyfish100/libfastcommon/commit/82f66af3e252e3e137dba0c3891570f085e79adf", "tags": ["patch"]}, {"url": "https://github.com/happyfish100/libfastcommon/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-06T13:08:24.871953Z", "id": "CVE-2026-2016", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T13:08:43.137Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2016", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-06T13:08:24.871953Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T13:08:33.216Z"}}], "cna": {"tags": ["x_open-source"], "title": "happyfish100 libfastcommon base64.c base64_decode stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "liloler (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "happyfish100", "product": "libfastcommon", "versions": [{"status": "affected", "version": "1.0.0"}, {"status": "affected", "version": "1.0.1"}, {"status": "affected", "version": "1.0.2"}, {"status": "affected", "version": "1.0.3"}, {"status": "affected", "version": "1.0.4"}, {"status": "affected", "version": "1.0.5"}, {"status": "affected", "version": "1.0.6"}, {"status": "affected", "version": "1.0.7"}, {"status": "affected", "version": "1.0.8"}, {"status": "affected", "version": "1.0.9"}, {"status": "affected", "version": "1.0.10"}, {"status": "affected", "version": "1.0.11"}, {"status": "affected", "version": "1.0.12"}, {"status": "affected", "version": "1.0.13"}, {"status": "affected", "version": "1.0.14"}, {"status": "affected", "version": "1.0.15"}, {"status": "affected", "version": "1.0.16"}, {"status": "affected", "version": "1.0.17"}, {"status": "affected", "version": "1.0.18"}, {"status": "affected", "version": "1.0.19"}, {"status": "affected", "version": "1.0.20"}, {"status": "affected", "version": "1.0.21"}, {"status": "affected", "version": "1.0.22"}, {"status": "affected", "version": "1.0.23"}, {"status": "affected", "version": "1.0.24"}, {"status": "affected", "version": "1.0.25"}, {"status": "affected", "version": "1.0.26"}, {"status": "affected", "version": "1.0.27"}, {"status": "affected", "version": "1.0.28"}, {"status": "affected", "version": "1.0.29"}, {"status": "affected", "version": "1.0.30"}, {"status": "affected", "version": "1.0.31"}, {"status": "affected", "version": "1.0.32"}, {"status": "affected", "version": "1.0.33"}, {"status": "affected", "version": "1.0.34"}, {"status": "affected", "version": "1.0.35"}, {"status": "affected", "version": "1.0.36"}, {"status": "affected", "version": "1.0.37"}, {"status": "affected", "version": "1.0.38"}, {"status": "affected", "version": "1.0.39"}, {"status": "affected", "version": "1.0.40"}, {"status": "affected", "version": "1.0.41"}, {"status": "affected", "version": "1.0.42"}, {"status": "affected", "version": "1.0.43"}, {"status": "affected", "version": "1.0.44"}, {"status": "affected", "version": "1.0.45"}, {"status": "affected", "version": "1.0.46"}, {"status": "affected", "version": "1.0.47"}, {"status": "affected", "version": "1.0.48"}, {"status": "affected", "version": "1.0.49"}, {"status": "affected", "version": "1.0.50"}, {"status": "affected", "version": "1.0.51"}, {"status": "affected", "version": "1.0.52"}, {"status": "affected", "version": "1.0.53"}, {"status": "affected", "version": "1.0.54"}, {"status": "affected", "version": "1.0.55"}, {"status": "affected", "version": "1.0.56"}, {"status": "affected", "version": "1.0.57"}, {"status": "affected", "version": "1.0.58"}, {"status": "affected", "version": "1.0.59"}, {"status": "affected", "version": "1.0.60"}, {"status": "affected", "version": "1.0.61"}, {"status": "affected", "version": "1.0.62"}, {"status": "affected", "version": "1.0.63"}, {"status": "affected", "version": "1.0.64"}, {"status": "affected", "version": "1.0.65"}, {"status": "affected", "version": "1.0.66"}, {"status": "affected", "version": "1.0.67"}, {"status": "affected", "version": "1.0.68"}, {"status": "affected", "version": "1.0.69"}, {"status": "affected", "version": "1.0.70"}, {"status": "affected", "version": "1.0.71"}, {"status": "affected", "version": "1.0.72"}, {"status": "affected", "version": "1.0.73"}, {"status": "affected", "version": "1.0.74"}, {"status": "affected", "version": "1.0.75"}, {"status": "affected", "version": "1.0.76"}, {"status": "affected", "version": "1.0.77"}, {"status": "affected", "version": "1.0.78"}, {"status": "affected", "version": "1.0.79"}, {"status": "affected", "version": "1.0.80"}, {"status": "affected", "version": "1.0.81"}, {"status": "affected", "version": "1.0.82"}, {"status": "affected", "version": "1.0.83"}, {"status": "affected", "version": "1.0.84"}]}], "timeline": [{"lang": "en", "time": "2026-02-05T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-05T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-18T01:03:36.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.344598", "name": "VDB-344598 | happyfish100 libfastcommon base64.c base64_decode stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.344598", "name": "VDB-344598 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.743873", "name": "Submit #743873 | happyfish100 libfastcommon V1.0.84 and earlier Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/happyfish100/libfastcommon/issues/55", "tags": ["issue-tracking"]}, {"url": "https://github.com/happyfish100/libfastcommon/issues/55#issuecomment-3776757848", "tags": ["issue-tracking"]}, {"url": "https://github.com/happyfish100/libfastcommon/issues/55#issue-3836362577", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/happyfish100/libfastcommon/commit/82f66af3e252e3e137dba0c3891570f085e79adf", "tags": ["patch"]}, {"url": "https://github.com/happyfish100/libfastcommon/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 82f66af3e252e3e137dba0c3891570f085e79adf. Applying a patch is the recommended action to fix this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:24:15.968Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2016", "state": "PUBLISHED", "dateUpdated": "2026-02-23T09:24:15.968Z", "dateReserved": "2026-02-05T19:35:28.683Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-06T11:02:08.107Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:happyfish100:libfastcommon:*:*:*:*:*:*:*:*", "matchCriteriaId": "C75F73CF-18BB-4FE5-9440-693DD0E92FFF", "versionEndIncluding": "1.0.84", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 82f66af3e252e3e137dba0c3891570f085e79adf. Applying a patch is the recommended action to fix this issue."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de seguridad en happyfish100 libfastcommon hasta la versi\u00f3n 1.0.84. Afectada por esta vulnerabilidad es la funci\u00f3n base64_decode del archivo src/base64.c. La manipulaci\u00f3n conduce a un desbordamiento de b\u00fafer basado en pila. Se requiere acceso local para abordar este ataque. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado. El identificador del parche es 82f66af3e252e3e137dba0c3891570f085e79adf. Aplicar un parche es la acci\u00f3n recomendada para solucionar este problema."}], "id": "CVE-2026-2016", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-06T12:16:26.073", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/happyfish100/libfastcommon/"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/happyfish100/libfastcommon/commit/82f66af3e252e3e137dba0c3891570f085e79adf"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/happyfish100/libfastcommon/issues/55"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/happyfish100/libfastcommon/issues/55#issue-3836362577"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/happyfish100/libfastcommon/issues/55#issuecomment-3776757848"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.344598"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.344598"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.743873"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T13:35:14.093803+00:00", "value": {"mitigation_remediation": ["Apply the patch corresponding to commit 82f66af3e252e3e137dba0c3891570f085e79adf to libfastcommon to fix the base64_decode overflow.", "If a patch is not immediately available, upgrade libfastcommon to a version newer than 1.0.84 that incorporates the fix.", "Limit local execution of programs that link against libfastcommon to trusted users or groups until the library is updated to address the vulnerability."], "summary": {"action": "Patch Immediately", "impact": "Stack\u2011based buffer overflow potentially exploitable for code execution"}, "threat_synthesis": {"affected_systems": "Products affected are happyfish100\u2019s libfastcommon library, versions up to and including 1.0.84. The vulnerability is present in the base64.c component of that package. Users running any of these versions should consider the library as vulnerable until the patch with commit identifier 82f66af3e252e3e137dba0c3891570f085e79adf is applied.", "description_and_impact": "The flaw resides in the base64_decode routine of happyfish100 libfastcommon, where an attacker can supply malformed Base64 data that causes a stack\u2011based buffer overflow. This overflow may allow the execution of arbitrary code or a crash of the calling process. The vulnerability is triggered by locally crafted input, and public exploits have been released, indicating that the flaw has already been abused in the wild.", "risk_and_exploitability": "The CVSS score of 4.8 places the issue in the medium severity range. The EPSS score of less than 1% suggests a low probability of exploitation, but the vulnerability is listed as publicly disclosed and the exploit is available, so vigilance is warranted. The flaw requires local access to trigger, and it is not catalogued in CISA\u2019s KEV list. Because the attack revolves around stack corruption, timely patching is the primary defense."}}}}, "created": "2026-02-09T10:52:48.147036+00:00", "updated": "2026-04-18T13:45:45.670083+00:00", "vendors": ["happyfish100", "happyfish100$PRODUCT$libfastcommon"]}