Published: 18/08/2004 Updated: 11/10/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Buffer overflow in LHA allows remote malicious users to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla bugzilla

Synopsis lha security update Type/Severity Security Advisory: Important Topic An updated lha package that fixes a buffer overflow is now available Description LHA is an archiving and compression utility for LHarc format archivesLukasz Wojtow discovered a stack-based buffer overflow in all ...

NVD-CWE-Other http://bugs.gentoo.org/show_bug.cgi?id=51285 http://lw.ftw.zamosc.pl/lha-exploit.txt https://bugzilla.fedora.us/show_bug.cgi?id=1833 http://www.gentoo.org/security/en/glsa/glsa-200409-13.xml http://www.redhat.com/support/errata/RHSA-2004-440.html http://www.redhat.com/support/errata/RHSA-2004-323.html http://marc.info/?l=bugtraq&m=108745217504379&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/16917 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11047 https://access.redhat.com/errata/RHSA-2004:323 https://nvd.nist.gov

CVE-2004-0769

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect