cbcvebase.
CVE-2004-0771
published 2004-11-23

CVE-2004-0771: Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line…

PriorityP340critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
18.83%
96.9th percentile
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.

Affected

4 ranges
VendorProductVersion rangeFixed in
tsugio_okamotolha<= 1.14
tsugio_okamotolha
tsugio_okamotolha
tsugio_okamotolha

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat10.0CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.