Lucene search

[email protected]CVE-2006-4116

HistoryAug 14, 2006 - 9:04 p.m.

CVE-2006-4116

2006-08-1421:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4116

lhaz

buffer overflow

arbitrary code execution

nvd

7.8 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.8%

JSON

Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message.

CPENameOperatorVersion
lhaz:lhazlhazle1.31

CPE	Name	Operator	Version
lhaz:lhaz	lhaz	le	1.31

References

secunia.com/advisories/21348

securityreason.com/securityalert/1378

vuln.sg/lhaz131-en.html

www.chitora.jp/lhaz.html

www.securityfocus.com/archive/1/442445/100/0/threaded

www.securityfocus.com/bid/19377

www.vupen.com/english/advisories/2006/3173

exchange.xforce.ibmcloud.com/vulnerabilities/28282

exchange.xforce.ibmcloud.com/vulnerabilities/28283

7.8 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.8%

JSON

Related for CVE-2006-4116

cve1 prion1