Buffer Overflow in LHA's extract_one function via long w command line option

Buffer Overflow in LHA's extract_one function via long w command line option

CVE-2004-0771 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.

Learn more about our Web Application Penetration Testing UK.