Description
A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 82f66af3e252e3e137dba0c3891570f085e79adf. Applying a patch is the recommended action to fix this issue.
Published: 2026-02-06
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stack‑based buffer overflow potentially exploitable for code execution
Action: Patch Immediately
AI Analysis

Impact

The flaw resides in the base64_decode routine of happyfish100 libfastcommon, where an attacker can supply malformed Base64 data that causes a stack‑based buffer overflow. This overflow may allow the execution of arbitrary code or a crash of the calling process. The vulnerability is triggered by locally crafted input, and public exploits have been released, indicating that the flaw has already been abused in the wild.

Affected Systems

Products affected are happyfish100’s libfastcommon library, versions up to and including 1.0.84. The vulnerability is present in the base64.c component of that package. Users running any of these versions should consider the library as vulnerable until the patch with commit identifier 82f66af3e252e3e137dba0c3891570f085e79adf is applied.

Risk and Exploitability

The CVSS score of 4.8 places the issue in the medium severity range. The EPSS score of less than 1% suggests a low probability of exploitation, but the vulnerability is listed as publicly disclosed and the exploit is available, so vigilance is warranted. The flaw requires local access to trigger, and it is not catalogued in CISA’s KEV list. Because the attack revolves around stack corruption, timely patching is the primary defense.

Generated by OpenCVE AI on April 18, 2026 at 13:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch corresponding to commit 82f66af3e252e3e137dba0c3891570f085e79adf to libfastcommon to fix the base64_decode overflow.
  • If a patch is not immediately available, upgrade libfastcommon to a version newer than 1.0.84 that incorporates the fix.
  • Limit local execution of programs that link against libfastcommon to trusted users or groups until the library is updated to address the vulnerability.

Generated by OpenCVE AI on April 18, 2026 at 13:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
CPEs cpe:2.3:a:happyfish100:libfastcommon:*:*:*:*:*:*:*:*

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Happyfish100
Happyfish100 libfastcommon
Vendors & Products Happyfish100
Happyfish100 libfastcommon

Fri, 06 Feb 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Feb 2026 11:30:00 +0000

Type Values Removed Values Added
Description A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 82f66af3e252e3e137dba0c3891570f085e79adf. Applying a patch is the recommended action to fix this issue.
Title happyfish100 libfastcommon base64.c base64_decode stack-based overflow
Weaknesses CWE-119
CWE-121
References
Metrics cvssV2_0

{'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Happyfish100 Libfastcommon
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:24:15.968Z

Reserved: 2026-02-05T19:35:28.683Z

Link: CVE-2026-2016

cve-icon Vulnrichment

Updated: 2026-02-06T13:08:33.216Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-06T12:16:26.073

Modified: 2026-02-17T19:11:30.800

Link: CVE-2026-2016

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T13:45:45Z

Weaknesses