CVE-2004-0947: Improper Restriction of Operations within the Bounds of a Memory Buffer in Software INC Unarj

6 documents, 6 sources

Severity: 10.0 CRITICAL (NVD)
EPSS: 6.8% (top 8.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 9; Latest update Apr 29

Description

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (2 packages)

NVD: arj_software_inc/unarj (4 versions, +3)
NVD: suse/suse_linux 9.0, 9.1, 9.2 (+2)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-xjjv-8746-3g86: Buffer overflow in unarj before 2 (2022-04-29)
CVEList: CVE-2004-0947: Buffer overflow in unarj before 2 (2004-11-24)

📋 Vendor Advisories (2)

Red Hat: security flaw (2004-11-09)
Debian: CVE-2004-0947: arj - Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbi... (2004)

💬 Community (1)

Bugzilla: CVE-2004-0947 security flaw (2018-08-16)
CVE-2004-0947 — ARJ Software INC Unarj vulnerability | cvebase