1. Home
  2. CVE Database
  3. CVE-2004-0234
HIGH · 10.0

CVE-2004-0234

Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitra...

Vulnerability Description

Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
ClearswiftMailsweeper4.0
F-SecureF-Secure Anti-Virus4.51
F-SecureF-Secure For Firewalls6.20
F-SecureF-Secure Internet Security2003
F-SecureF-Secure Personal Express4.5
F-SecureInternet Gatekeeper6.31
RarlabWinrar3.20
RedhatLha1.14i-9
SgiPropack2.4
StalkerCgpmcafee3.2
Tsugio OkamotoLha1.14
WinzipWinzip9.0
RedhatFedora Corecore_1.0

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2004-0234?

CVE-2004-0234 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitra...

How severe is CVE-2004-0234?

CVE-2004-0234 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0234?

Check the references section above for vendor advisories and patch information. Affected products include: Clearswift Mailsweeper, F-Secure F-Secure Anti-Virus, F-Secure F-Secure For Firewalls, F-Secure F-Secure Internet Security, F-Secure F-Secure Personal Express.