CVE-2004-0234

N/A Unknown

Published: August 18, 2004 Modified: April 16, 2026

Description

Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=108422737918885&w=2

Source: cve@mitre.org

http://secunia.com/advisories/19514

Source: cve@mitre.org

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200405-02.xml

Source: cve@mitre.org

http://securitytracker.com/id?1015866

Source: cve@mitre.org

http://www.debian.org/security/2004/dsa-515

Source: cve@mitre.org

http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txt

Source: cve@mitre.org

http://www.osvdb.org/5753

Source: cve@mitre.org

http://www.osvdb.org/5754

Source: cve@mitre.org

http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2004-178.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2004-179.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/10243

Source: cve@mitre.org

Exploit Patch Vendor Advisory

http://www.vupen.com/english/advisories/2006/1220

Source: cve@mitre.org

Vendor Advisory

https://bugzilla.fedora.us/show_bug.cgi?id=1833

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/16012

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A977

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9881

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=108422737918885&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/19514

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200405-02.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1015866

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2004/dsa-515

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/5753

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/5754

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2004-178.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2004-179.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/10243

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch Vendor Advisory

http://www.vupen.com/english/advisories/2006/1220

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.fedora.us/show_bug.cgi?id=1833

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/16012

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A977

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9881

Source: af854a3a-2127-422b-91ae-364da2661108

42 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

8.5%

92th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-119

Affected Vendors

stalker redhat f-secure sgi clearswift tsugio_okamoto winzip rarlab

Related CVEs

CVE-2026-6848 5.4

CVE-2026-33601 4.4

CVE-2026-33600 4.4

CVE-2026-33262 5.9

CVE-2026-33261 5.9