DescriptionBuffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
|National Vulnerability Database|
SUSE Timeline for this CVECVE page created: Fri Jun 28 00:57:01 2013
CVE page last modified: Fri Oct 7 12:45:28 2022