返回 CVE 瀏覽器

CVE-2004-0769

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1740%

EPSS Percentile10.18th

Published2004年8月18日

Last Modified2026年4月16日

Vulnerability Description

Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771.

Affected Platforms (CPE)

📦

Mozilla

Bugzilla

All versions

References & Advisories

🔗 http://bugs.gentoo.org/show_bug.cgi?id=51285

🔗 http://lw.ftw.zamosc.pl/lha-exploit.txt

🔗 http://marc.info/?l=bugtraq&m=108745217504379&w=2

🔗 http://www.gentoo.org/security/en/glsa/glsa-200409-13.xml

🔗 http://www.redhat.com/support/errata/RHSA-2004-323.html

🔗 http://www.redhat.com/support/errata/RHSA-2004-440.html

🔗 https://bugzilla.fedora.us/show_bug.cgi?id=1833

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/16917

相關漏洞威脅

CVE-2003-104210.0

SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts...

CVE-2003-104310.0

SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with edit...

CVE-2002-000710.0

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a re...

CVE-2019-10030668.8

Jenkins Bugzilla Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be vi...