CVE-2004-0694
published 2011-02-04CVE-2004-0694: Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors…
PriorityP430medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
2.55%
83.1th percentile
Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tsugio_okamoto | lha | <= 1.14 | — |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat6.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2004-08-11·CVSS 6.8
CVE-2004-0694 [MEDIUM] security flaw
security flaw
Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
GHSA
GHSA-6446-v6gj-7jm6: Buffer overflow in LHA 1
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2004-0694 [CRITICAL] CWE-119 GHSA-6446-v6gj-7jm6: Buffer overflow in LHA 1
Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
No detection rules found.
No public exploits indexed.
http://www.redhat.com/support/errata/RHSA-2004-323.htmlhttp://www.redhat.com/support/errata/RHSA-2004-440.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9981http://www.redhat.com/support/errata/RHSA-2004-323.htmlhttp://www.redhat.com/support/errata/RHSA-2004-440.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9981
2011-02-04
Published