Published: 04/02/2011 Updated: 11/10/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Buffer overflow in LHA 1.14 and previous versions allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tsugio okamoto lha

Synopsis lha security update Type/Severity Security Advisory: Important Topic An updated lha package that fixes a buffer overflow is now available Description LHA is an archiving and compression utility for LHarc format archivesLukasz Wojtow discovered a stack-based buffer overflow in all ...

CWE-119 http://www.redhat.com/support/errata/RHSA-2004-323.html http://www.redhat.com/support/errata/RHSA-2004-440.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9981 https://access.redhat.com/errata/RHSA-2004:323 https://nvd.nist.gov

CVE-2004-0694

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect