CVE-2004-0234

Name of the Vulnerable Software and Affected Versions LHA versions 1.14 lha package (affected versions not specified)

Description The issue involves multiple vulnerabilities in the LHA package that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, multiple stack-based buffer overflows in the get header function in header.c for LHA 1.14 can allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive. This can trigger the overflow when testing or extracting the archive.

Recommendations For LHA version 1.14, consider updating to a newer version that addresses these vulnerabilities. As a temporary workaround, consider restricting the use of the get header function in header.c until a patch is available. Avoid using long directory or file names in LHA archives to minimize the risk of exploitation.