CVE-2004-0235

N/A Unknown

Published: August 18, 2004 Modified: April 16, 2026

Description

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=108422737918885&w=2

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200405-02.xml

Source: cve@mitre.org

http://www.debian.org/security/2004/dsa-515

Source: cve@mitre.org

http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2004-178.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2004-179.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/10243

Source: cve@mitre.org

Exploit Patch Vendor Advisory

https://bugzilla.fedora.us/show_bug.cgi?id=1833

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/16013

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=108422737918885&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200405-02.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2004/dsa-515

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2004-178.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2004-179.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/10243

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Patch Vendor Advisory

https://bugzilla.fedora.us/show_bug.cgi?id=1833

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/16013

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10409

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A978

Source: af854a3a-2127-422b-91ae-364da2661108

26 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

10.5%

93th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

stalker redhat f-secure sgi clearswift tsugio_okamoto winzip rarlab