CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0769

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1740%
EPSS Percentile10.18th
PublishedAug 18, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771.

Affected Platforms (CPE)

πŸ“¦
Mozilla

Bugzilla

All versions

References & Advisories

πŸ”— http://bugs.gentoo.org/show_bug.cgi?id=51285
πŸ”— http://lw.ftw.zamosc.pl/lha-exploit.txt
πŸ”— http://marc.info/?l=bugtraq&m=108745217504379&w=2
πŸ”— http://www.gentoo.org/security/en/glsa/glsa-200409-13.xml
πŸ”— http://www.redhat.com/support/errata/RHSA-2004-323.html
πŸ”— http://www.redhat.com/support/errata/RHSA-2004-440.html
πŸ”— https://bugzilla.fedora.us/show_bug.cgi?id=1833
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/16917

Related Vulnerabilities

CVE-2003-104210.0

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts...

CVE-2003-104310.0

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with edit...

CVE-2002-000710.0

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a re...

CVE-2019-10030668.8

Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be vi...