5 matches found
CVE-2018-1000097
CVE-2018-1000097 affects Sharutils’ unshar utility. The buffer-overflow vulnerability in unshar.c (line 75, looks_like_c_code) allows an attacker-controlled input file to cause arbitrary code execution or a crash. Debian reports fixes: 4.15.2-2+deb9u1 for Stretch (stable) and 4.14-2+deb8u1 for olds...
CVE-2004-1773
CVE-2004-1773 affects sharutils version 4.2.1 and earlier. The issue comprises two buffer overflows: (1) in shar.c related to the length of data returned by the wc command, and (2) in unshar.c. An attacker could exploit these to execute arbitrary code with the privileges of the user running...
CVE-2004-1772
CVE-2004-1772 describes a stack-based overflow in the -o option handling of the GNU sharutils package (version 4.2.1) that can allow a local user to execute arbitrary code. The vulnerability affects the sharutils tooling and has been acknowledged in several advisories (for example RHSA-2005:377)....
CVE-2005-0990
CVE-2005-0990 affects sharutils 4.2.1, specifically unshar.c, where a local user can perform a symlink attack on the unsh.X temporary file to overwrite arbitrary files. This is described across multiple sources (NVD entry for CVE-2005-0990, Debian/OSV references, and Red Hat/CentOS advisories) an...
CVE-2002-0178
The CVE-2002-0178 issue affects the uudecode utility in the GNU Sharutils package prior to version 4.2.1, which does not validate the destination filename against pipes or symbolic links. This can allow a local attacker to overwrite files or escalate privileges by decoding into sensitive or open ...