FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
273cc1a3-0d6b-11d9-8a8a-000c41e2cdadlha -- numerous vulnerabilities when extracting archives

Source code reviews of lha by Lukasz Wojtow, Thomas Biege, and others uncovered a number of vulnerabilities affecting lha:

  • Buffer overflows when handling archives and filenames. (CVE-2004-0694)
  • Possible command execution via shell meta-characters when built with NOMKDIR. (CVE-2004-0745)
  • Buffer overflow resulting in arbitrary code execution when handling long pathnames in LHZ archives. (CVE-2004-0769)
  • Buffer overflow in the extract_one. (CVE-2004-0771)

Discovery 2004-05-17
Entry 2004-09-23
lha
< 1.14i_6

CVE-2004-0694
CVE-2004-0745
CVE-2004-0769
CVE-2004-0771
http://marc.theaimsgroup.com/?l=bugtraq&m=108464470103227
http://marc.theaimsgroup.com/?l=bugtraq&m=108668791510153
http://bugs.gentoo.org/show_bug.cgi?id=51285
http://xforce.iss.net/xforce/xfdb/16196
10354