Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD273CC1A3-0D6B-11D9-8A8A-000C41E2CDAD
HistoryMay 17, 2004 - 12:00 a.m.

lha -- numerous vulnerabilities when extracting archives

2004-05-1700:00:00
vuxml.freebsd.org
21

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.128

Percentile

95.5%

JSON

Source code reviews of lha by Lukasz Wojtow, Thomas Biege,
and others uncovered a number of vulnerabilities affecting
lha:

Buffer overflows when handling archives and filenames.
(CVE-2004-0694)
Possible command execution via shell meta-characters when
built with NOMKDIR. (CVE-2004-0745)
Buffer overflow resulting in arbitrary code execution when
handling long pathnames in LHZ archives. (CVE-2004-0769)
Buffer overflow in the extract_one. (CVE-2004-0771)

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchlha< 1.14i_6UNKNOWN

Related

openvas 4
nessus 7
gentoo 1
redhat 2
cve 4
nvd 4
cvelist 4
ubuntucve 4
exploitdb 1
openvas
openvas
FreeBSD Ports: lha
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200409-13 (lha)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200409-13 (lha)
2008-09-24 00:00:00
nessus
nessus
Fedora Core 1 : lha-1.14i-12.2 (2004-294)
2004-09-09 00:00:00
FreeBSD : lha -- numerous vulnerabilities when extracting archives (273cc1a3-0d6b-11d9-8a8a-000c41e2cdad)
2009-04-23 00:00:00
RHEL 3 : lha (RHSA-2004:323)
2004-09-01 00:00:00
gentoo
gentoo
LHa: Multiple vulnerabilities
2004-09-08 00:00:00
redhat
redhat
(RHSA-2004:440) lha security update
2004-09-07 00:00:00
(RHSA-2004:323) lha security update
2004-09-01 00:00:00
cve
cve
CVE-2004-0694
2011-02-04 01:00:02
CVE-2004-0771
2004-11-23 05:00:00
CVE-2004-0769
2004-08-18 04:00:00
nvd
nvd
CVE-2004-0694
2011-02-04 01:00:02
CVE-2004-0771
2004-11-23 05:00:00
CVE-2004-0769
2004-08-18 04:00:00
cvelist
cvelist
CVE-2004-0694
2011-02-04 00:00:00
CVE-2004-0769
2004-08-04 04:00:00
CVE-2004-0771
2004-08-05 04:00:00
ubuntucve
ubuntucve
CVE-2004-0694
2011-02-04 00:00:00
CVE-2004-0771
2004-11-23 00:00:00
CVE-2004-0769
2004-08-18 00:00:00
exploitdb
exploitdb
LHA 1.x - &#039;extract_one&#039; Multiple Buffer Overflow Vulnerabilities
2004-05-19 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.128

Percentile

95.5%

JSON
Related for 273CC1A3-0D6B-11D9-8A8A-000C41E2CDAD
openvas4nessus7gentoo1redhat2cve4nvd4cvelist4ubuntucve4exploitdb1