Description
Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message.
References
- Exploit, Patch, Vendor Advisory
- Exploit, Patch
- Exploit, Patch, Vendor Advisory
- Exploit, Patch
Vulnerable configurations
Configuration 1: versions up to and including 1.31
cpe:2.3:a:lhaz:lhaz:*:*:*:*:*:*:*:*
EPSS
Percentile: 83%
0.01993
Low
5.1 Medium
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
github
almost 4 years ago
Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message.