CVE-2016-2347

Опубликовано: 21 апр. 2017

Источник: debian

Описание

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
lhasa	fixed	0.3.1-1		package

Примечания

http://www.talosintel.com/reports/TALOS-2016-0095/

Связанные уязвимости

CVE-2016-2347

CVSS3: 7.8

ubuntu

почти 9 лет назад

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

CVE-2016-2347

CVSS3: 7.8

nvd

почти 9 лет назад

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.

openSUSE-SU-2016:1029-1

suse-cvrf

почти 10 лет назад

Security update for lhasa

SUSE-SU-2016:1091-1

suse-cvrf

почти 10 лет назад

Security update for lhasa

GHSA-9xgv-x5fv-g6vp

CVSS3: 7.8

github

больше 3 лет назад

Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.