Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-515
HistoryJun 05, 2004 - 12:00 a.m.

lha - several vulnerabilities

2004-06-0500:00:00
Google
osv.dev
8

0.934 High

EPSS

Percentile

99.1%

JSON

Two vulnerabilities were discovered in lha:

  • CAN-2004-0234 - Multiple stack-based buffer overflows in the
    get_header function in header.c for LHA 1.14 allow remote attackers
    or local users to execute arbitrary code via long directory or file
    names in an LHA archive, which triggers the overflow when testing
    or extracting the archive.

  • CAN-2004-0235 - Multiple directory traversal vulnerabilities in LHA
    1.14 allow remote attackers or local users to create arbitrary
    files via an LHA archive containing filenames with (1) … sequences
    or (2) absolute pathnames with double leading slashes
    (“//absolute/path”).

For the current stable distribution (woody), these problems have been
fixed in version 1.14i-2woody1.

For the unstable distribution (sid), these problems have been fixed in
version 1.14i-8.

We recommend that you update your lha package.

Related

nessus 7
openvas 8
slackware 1
securityvulns 5
exploitpack 1
seebug 1
debian 1
altlinux 1
redhat 1
gentoo 1
freebsd 1
exploitdb 1
nvd 2
ubuntucve 2
cvelist 2
suse 2
checkpoint_advisories 1
cve 2
cert 1
nessus
nessus
Slackware 8.1 / 9.0 / 9.1 / current : lha update in bin package (SSA:2004-125-01)
2005-07-13 00:00:00
FreeBSD : lha buffer overflows and path traversal issues (90)
2004-07-06 00:00:00
Fedora Core 1 : lha-1.14i-12.1 (2004-119)
2004-07-23 00:00:00
openvas
openvas
FreeBSD Ports: lha
2008-09-04 00:00:00
Slackware: Security Advisory (SSA:2004-125-01)
2012-09-10 00:00:00
Gentoo Security Advisory GLSA 200405-02 (lha)
2008-09-24 00:00:00
slackware
slackware
lha update in bin package
2004-05-04 16:34:52
securityvulns
securityvulns
[Full-Disclosure] [RHSA-2004:179-01] An updated LHA package fixes security vulnerabilities
2004-04-30 00:00:00
[Full-Disclosure] LHa buffer overflows and directory traversal problems
2004-05-02 00:00:00
SUSE Security Announcement: Live CD 9.1 (SuSE-SA:2004:011)
2004-05-07 00:00:00
exploitpack
exploitpack
LHA 1.x - Remote Buffer Overflow Directory Traversal
2004-04-30 00:00:00
seebug
seebug
LHA 1.x - Buffer Overflow/Directory Traversal Vulnerabilities
2014-07-01 00:00:00
debian
debian
[SECURITY] [DSA 515-1] New lha packages fix several vulnerabilities
2004-06-05 20:39:22
altlinux
altlinux
Security fix for the ALT Linux 6 package lha version 2:1.14i-alt1
2004-05-08 00:00:00
redhat
redhat
(RHSA-2004:178) lha security update
2004-05-26 00:00:00
gentoo
gentoo
Multiple vulnerabilities in LHa
2004-05-09 00:00:00
freebsd
freebsd
lha buffer overflows and path traversal issues
2004-04-29 00:00:00
exploitdb
exploitdb
LHA 1.x - Remote Buffer Overflow / Directory Traversal
2004-04-30 00:00:00
nvd
nvd
CVE-2004-0234
2004-08-18 04:00:00
CVE-2004-0235
2004-08-18 04:00:00
ubuntucve
ubuntucve
CVE-2004-0234
2004-08-18 00:00:00
CVE-2004-0235
2004-08-18 00:00:00
cvelist
cvelist
CVE-2004-0234
2004-05-05 04:00:00
CVE-2004-0235
2004-05-05 04:00:00
suse
suse
remote root access in Live CD 9.1
2004-05-06 20:51:52
privilege escalation, local DoS in Linux Kernel
2004-05-04 00:48:08
checkpoint_advisories
checkpoint_advisories
F-Secure Anti-Virus LHA Processing Buffer Overflow (CVE-2004-0234)
2009-12-22 00:00:00
cve
cve
CVE-2004-0234
2004-08-18 04:00:00
CVE-2004-0235
2004-08-18 04:00:00
cert
cert
Lhaca buffer overflow vulnerability
2007-07-06 00:00:00

0.934 High

EPSS

Percentile

99.1%

JSON
Related for OSV:DSA-515
nessus7openvas8slackware1securityvulns5exploitpack1seebug1debian1altlinux1redhat1gentoo1freebsd1exploitdb1nvd2ubuntucve2cvelist2suse2checkpoint_advisories1cve2cert1