CVE-2026-24823
Out-of-Bounds Write in FASTSHIFT X-TRACK inflate.C Module

Publication date: 2026-01-27

Last updated on: 2026-01-27

Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)

Description
Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in FASTSHIFT X-TRACK (Software/X-Track/USER/App/Utils/lv_img_png/PNGdec/src modules). This vulnerability is associated with program files inflate.C. This issue affects X-TRACK: through v2.7.
Meta Information
Published: 2026-01-27
Last Modified: 2026-01-27
Generated: 2026-05-07
AI Q&A: 2026-01-27
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor      Product   Version / Range
fastshift   x-track   to 2.7 (exc)
CWE ID    Description
CWE-787   The product writes data past the end, or before the beginning, of the intended buffer.
CWE-120   The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a classic buffer overflow in the FASTSHIFT X-TRACK software, specifically in the inflate() function used for decompressing gzip data. The issue arises because the function did not properly check the size of the input when processing the gzip header extra field. If the extra field size exceeded the buffer space allocated by the user, and multiple calls to inflate() delivered the extra header data, it could cause an out-of-bounds write by overflowing the buffer. This happens because the code was cloned from the zlib library but missed a critical security patch that prevents such overflows. [1]


How can this vulnerability impact me?

This vulnerability can lead to a buffer overflow, which may allow an attacker to overwrite memory beyond the allocated buffer. This can result in arbitrary code execution, crashes, or other unpredictable behavior, potentially compromising the security and stability of the system running FASTSHIFT X-TRACK. Because the CVSS base score is 10.0, it indicates a critical impact with no required privileges or user interaction, making it highly exploitable remotely. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves checking if the affected version of FASTSHIFT X-TRACK (through v2.7) is in use and whether the vulnerable inflate() function is processing gzip headers with extra fields that could cause buffer overflow. Since the vulnerability is in the inflate() function handling gzip header extra fields, you can monitor for crashes or abnormal behavior during decompression of gzip files. Specific commands are not provided in the resources. However, you can verify the version of X-TRACK installed and check if the patch from pull request #120 has been applied. For example, you might use commands to check the software version or inspect the source code for the patch. No explicit detection commands are given. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to apply the security patch from pull request #120, which fixes the buffer overflow in the inflate() function by incorporating the critical security patch originally applied to zlib. This patch ensures that the buffer space provided by the user is not exceeded during decompression. If updating is not immediately possible, avoid processing untrusted gzip files with extra header fields using the vulnerable version of FASTSHIFT X-TRACK. Upgrading to a version that includes this fix or applying the patch manually is recommended. [1]
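To make the mechanism behind the first and last answers concrete, here is an added C example (not code from X-TRACK, zlib or this page) of a gzip extra-field copy that survives across several inflate() calls into a caller-supplied buffer, with the bounds check the cloned code lacked. The struct and field names (extra, extra_len, extra_max, length) are modeled on zlib's gz_header and inflate state; the chunk sizes and the 12-byte field are constructed for the demo.

```c
#include <string.h>

/* Caller-provided destination for the gzip extra field (modeled on zlib's gz_header). */
typedef struct {
    unsigned char *extra;     /* buffer supplied by the caller */
    unsigned       extra_len; /* total extra-field length read from the header */
    unsigned       extra_max; /* capacity of extra, set by the caller */
} extra_dst;

/* Decoder state that survives between inflate() calls: field bytes not yet consumed. */
typedef struct { unsigned length; } extra_state;

/* Consume one chunk of extra-field bytes; returns how many landed in dst->extra.
   The field may arrive over several calls, so the write offset comes from extra_len - length. */
static size_t consume_extra_chunk(extra_state *st, extra_dst *dst,
                                  const unsigned char *next, size_t have)
{
    size_t copy = have, written = 0;
    if (copy > st->length) copy = st->length;      /* never take more than the field holds */
    if (copy && dst->extra != NULL) {
        size_t off = dst->extra_len - st->length; /* where this chunk lands in the buffer */
        /* The check the cloned inflate.C lacked: write only while off < extra_max and
           clamp the copy to the remaining capacity; surplus bytes are consumed but dropped. */
        if (off < dst->extra_max) {
            written = copy;
            if (off + written > dst->extra_max) written = dst->extra_max - off;
            memcpy(dst->extra + off, next, written);
        }
    }
    st->length -= copy;                            /* consumed even if it did not fit */
    return written;
}

/* Constructed input: a 12-byte extra field delivered in three chunks (5, 5, 2), as several
   inflate() calls would. A canary byte at buf[extra_max] catches any write past the caller's
   limit. Returns bytes stored, or -1 if the canary was clobbered or the field was not fully
   consumed. extra_max must be < 16. */
static int run_chunked_demo(unsigned extra_max)
{
    static const unsigned char field[12] = "ABCDEFGHIJKL";
    unsigned char buf[16] = {0};
    buf[extra_max] = 0xAA;
    extra_dst dst = { buf, sizeof field, extra_max };
    extra_state st = { sizeof field };
    size_t n = consume_extra_chunk(&st, &dst, field, 5);
    n += consume_extra_chunk(&st, &dst, field + 5, 5);
    n += consume_extra_chunk(&st, &dst, field + 10, 2);
    return (buf[extra_max] == 0xAA && st.length == 0) ? (int)n : -1;
}
```

With an 8-byte buffer the 12-byte field yields 8 stored bytes and an intact canary; without the offset check, the second chunk would write past extra_max.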

