CVE-2004-0771
Published 2004-11-23
CVE-2004-0771: Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line…
Priority: P3 (40) · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 18.83% (96.9th percentile)
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tsugio_okamoto | lha | <= 1.14 | — |
| tsugio_okamoto | lha | — | — |
| tsugio_okamoto | lha | — | — |
| tsugio_okamoto | lha | — | — |
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat · 10.0 · CRITICAL
Red Hat
security flaw
vendor_redhat·2004-08-11·CVSS 6.8
CVE-2004-0694 [MEDIUM] security flaw
Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
Red Hat
security flaw
vendor_redhat·2004-05-15·CVSS 10.0
CVE-2004-0769 [CRITICAL] security flaw
Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771.
Red Hat
security flaw
vendor_redhat·2004-05-15·CVSS 10.0
CVE-2004-0771 [CRITICAL] security flaw
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
GHSA
GHSA-vpgp-fv4q-4fgr: Buffer overflow in the extract_one function from lhext
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2004-0771 [CRITICAL] GHSA-vpgp-fv4q-4fgr: Buffer overflow in the extract_one function from lhext
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
GHSA
GHSA-6446-v6gj-7jm6: Buffer overflow in LHA 1
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2004-0694 [CRITICAL] CWE-119 GHSA-6446-v6gj-7jm6: Buffer overflow in LHA 1
Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
GHSA
GHSA-2mcr-985f-frgr: Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a
ghsa_unreviewed·2022-04-29·CVSS 10.0
CVE-2004-0769 [CRITICAL] GHSA-2mcr-985f-frgr: Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a
Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771.
No detection rules found.
Bugzilla
CVE-2004-0694 security flaw
bugzilla·2018-08-16·CVSS 6.8
CVE-2004-0694 [MEDIUM] CVE-2004-0694 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a different vulnerability than CVE-2004-0771. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
Bugzilla
CVE-2004-0769 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2004-0769 [CRITICAL] CVE-2004-0769 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771.
Bugzilla
CVE-2004-0771 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2004-0771 [CRITICAL] CVE-2004-0771 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
http://bugs.gentoo.org/show_bug.cgi?id=51285
http://marc.info/?l=bugtraq&m=108668791510153
http://www.gentoo.org/security/en/glsa/glsa-200409-13.xml
http://www.redhat.com/support/errata/RHSA-2004-323.html
http://www.redhat.com/support/errata/RHSA-2004-440.html
http://www.securityfocus.com/archive/1/363418
http://www.securityfocus.com/bid/10354
https://bugzilla.fedora.us/show_bug.cgi?id=1833
https://exchange.xforce.ibmcloud.com/vulnerabilities/16196
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9595
Published: 2004-11-23