CVE-2020-37124

B64dec · B64dec Utility

A buffer overflow in the B64dec utility allows attackers to execute arbitrary code by overwriting the Structured Exception Handler (SEH) during the base64 decoding process.

Executive summary

A critical buffer overflow in the B64dec utility allows attackers to execute arbitrary code on the affected host by supplying crafted base64 input to the decoder.

Vulnerability

The vulnerability occurs during the base64 decoding process when the utility handles malformed or overly long input: decoded data is written into a fixed-size buffer without a check that it fits, so an over-long input overwrites adjacent stack memory, including the Structured Exception Handler (SEH) record. When an exception is subsequently raised, control passes to the attacker-chosen handler address. Because the space available at the overwrite point is small, a public write-up of this bug class uses an "egg hunter" stub that searches process memory for a tagged, larger payload placed elsewhere in the input and jumps to it, yielding arbitrary code execution.
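To make the bug class concrete, the following added example (not B64dec's source, and not taken from the advisory) shows a minimal base64 decoder in two forms: an unchecked version that writes decoded bytes into a fixed 64-byte stack buffer, which is the pattern that lets an over-long input overrun the stack and reach the SEH record on Windows, and a bounds-checked version that computes the required output size up front, rejects malformed input, and refuses to write past the caller's capacity. The function names and the sample inputs are constructed for illustration.

```c
/* Added example: vulnerable and hardened base64 decoding side by side.
 * Illustrative code, not B64dec's implementation; inputs are constructed. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Map one base64 alphabet character to its 6-bit value, or -1 if invalid. */
static int b64_val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* VULNERABLE pattern (the class of bug in the advisory): output goes into a
 * fixed-size stack buffer with no capacity check, so any input longer than
 * 88 characters (66 decoded bytes) overruns buf and clobbers the stack.
 * Kept only for contrast; never call it with untrusted input. */
size_t b64_decode_unchecked_demo(const char *in) {
    unsigned char buf[64];
    size_t o = 0; unsigned int acc = 0; int bits = 0;
    for (size_t i = 0; in[i] && in[i] != '='; i++) {
        int v = b64_val((unsigned char)in[i]);
        if (v < 0) continue;                        /* silently skips junk */
        acc = (acc << 6) | (unsigned)v; bits += 6;
        if (bits >= 8) {
            bits -= 8;
            buf[o++] = (unsigned char)((acc >> bits) & 0xFF); /* no o < 64 check */
        }
    }
    return o;
}

/* HARDENED decoder.  Returns the number of decoded bytes, -1 for malformed
 * input (bad length, bad character, non-zero padding bits) and -2 when the
 * decoded output would not fit in out_cap bytes.  Nothing is written to out
 * unless the whole output fits. */
long b64_decode_checked(const char *in, unsigned char *out, size_t out_cap) {
    size_t n = strlen(in), pad = 0;
    while (n > 0 && pad < 2 && in[n - 1] == '=') { n--; pad++; }
    if (n == 0 || (n + pad) % 4 != 0) return -1;   /* length must be a multiple of 4 */
    size_t need = (n / 4) * 3 + (n % 4 == 2 ? 1 : (n % 4 == 3 ? 2 : 0));
    if (need > out_cap) return -2;                  /* bounds check before any write */
    size_t o = 0; unsigned int acc = 0; int bits = 0;
    for (size_t i = 0; i < n; i++) {
        int v = b64_val((unsigned char)in[i]);
        if (v < 0) return -1;                        /* reject, do not skip */
        acc = (acc << 6) | (unsigned)v; bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out[o++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    /* Leftover bits in the final group must be zero in canonical base64. */
    if (bits && (acc & ((1u << bits) - 1)) != 0) return -1;
    return (long)o;
}

int main(void) {
    unsigned char out[16];
    /* Constructed sample inputs: valid, embedded space, truncated, oversized. */
    const char *samples[] = { "aGVsbG8gd29ybGQ=", "aGVs bG8=", "aGVsbG8",
                              "QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long r = b64_decode_checked(samples[i], out, sizeof out);
        if (r < 0) printf("%-44s -> rejected (%ld)\n", samples[i], r);
        else printf("%-44s -> %ld bytes: %.*s\n", samples[i], r, (int)r, (const char *)out);
    }
    return 0;
}
```

The hardened form fails closed on the two conditions the advisory describes, malformed input (-1) and over-long input (-2), and never writes before the capacity check has passed, which is what removes the stack overwrite that the SEH exploit depends on.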

Business impact

The utility runs with the privileges of whoever invokes it, so a successful exploit executes attacker-supplied code as that user. If B64dec is used in an automated pipeline or by system administrators, this can result in data theft, malware installation, or persistent access to the host. The CVSS score of 9.8 (Critical) reflects the risk of arbitrary code execution.

Remediation

Immediate Action: Discontinue use of B64dec version 1.1.2 and update to a patched version, or switch to a standard, well-maintained decoder that is built into modern operating systems or language runtimes (for example, base64 -d on Linux and macOS, or certutil -decode and [Convert]::FromBase64String on Windows).

Proactive Monitoring: Scan for the presence of the B64dec binary on systems, and monitor for crashes of the process and for shells or other unexpected child processes spawned by it.

Compensating Controls: Use sandboxing or containerization when running small utilities that process untrusted input, so that a compromise of the utility does not become a compromise of the host. On Windows hosts, enabling SEHOP and DEP for the process also raises the cost of an SEH-overwrite exploit, although it does not remove the underlying overflow.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Small utilities like B64dec are often overlooked in security audits but can provide a critical foothold for attackers. We recommend replacing this utility with a more secure alternative immediately. If its use is mandatory, ensure it is updated and that it never processes data from untrusted sources without strict input validation.