Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2005-3862

Published: 29/11/2005 Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Unalz

Vulnerability Summary

Buffer overflow in unalz prior to 0.53 allows remote malicious users to execute arbitrary code via long file names in ALZ archives.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

unalz unalz 0.31

unalz unalz 0.4

unalz unalz 0.2

unalz unalz 0.22

unalz unalz 0.52

unalz unalz 0.23

unalz unalz 0.3

unalz unalz 0.5

unalz unalz 0.51

Vendor Advisories

Debian CVElist Bug Report Logs: unalz: buffer overflow when extracting archives
Debian Bug report logs - #340842 unalz: buffer overflow when extracting archives Package: unalz; Maintainer for unalz is Debian Korean L10N <debian-l10n-korean@listsdebianorg>; Source for unalz is src:unalz (PTS, buildd, popcon) Reported by: metaur@teliacom Date: Sat, 26 Nov 2005 10:48:02 UTC Severity: grave Tags: patc ...
Debian Security Advisories: DSA-959-1 unalz -- buffer overflow
Ulf Härnhammar from the Debian Security Audit Project discovered that unalz, a decompressor for ALZ archives, performs insufficient bounds checking when parsing file names This can lead to arbitrary code execution if an attacker provides a crafted ALZ archive The old stable distribution (woody) does not contain unalz For the stable distribution ...

Exploits

Exploit DB: Unalz 0.x - Archive Filename Buffer Overflow
source: wwwsecurityfocuscom/bid/15577/info The 'unalz' utility is prone to a buffer-overflow vulnerability This issue is exposed when the application extracts an ALZ archive that contains a file with a long name An attacker could exploit this vulnerability to execute arbitrary code in the context of the user who extracts a malicious ar ...

References

NVD-CWE-Otherhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340842http://www.kipple.pe.kr/win/unalz/http://www.securityfocus.com/bid/15577http://secunia.com/advisories/17774http://www.debian.org/security/2006/dsa-959http://secunia.com/advisories/18665http://www.osvdb.org/21160http://www.vupen.com/english/advisories/2005/2604https://exchange.xforce.ibmcloud.com/vulnerabilities/23267https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340842https://nvd.nist.govhttps://www.exploit-db.com/exploits/26601/https://www.debian.org/security/./dsa-959
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook