1. CVE-Search
  2. CVE-2006-4116
ID CVE-2006-4116
Summary Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message. This vulnerability is addressed in the following product release: Lhaz, Lhaz, 1.32
References
Vulnerable Configurations
  • cpe:2.3:a:lhaz:lhaz:*:*:*:*:*:*:*:*
    cpe:2.3:a:lhaz:lhaz:*:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 17-10-2018 - 21:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 19377
bugtraq 20060807 [vuln.sg] Lhaz LHA Long Filename Buffer Overflow Vulnerability
confirm http://www.chitora.jp/lhaz.html
misc http://vuln.sg/lhaz131-en.html
secunia 21348
sreason 1378
vupen ADV-2006-3173
xf
  • lhaz-error-bo(28283)
  • lhaz-long-filename-bo(28282)
Last major update 17-10-2018 - 21:33
Published 14-08-2006 - 21:04
Last modified 17-10-2018 - 21:33
Back to Top