Home > Vulnerability Database > CVE-2004-0234

Mend.io Vulnerability Database

CVE-2004-0234

Date: May 4, 2004

Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

Severity Score

9.8

Related Resources (24)

Url: http://www.vupen.com/english/advisories/2006/1220

Url: http://www.guay-leroux.com/projects/barracuda-advisory-LHA.txt

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A977

Url: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840

Url: http://www.redhat.com/support/errata/RHSA-2004-178.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/16012

Url: http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020778.html

Url: http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2004-0234

Url: http://secunia.com/advisories/19514

Url: http://www.osvdb.org/5754

Url: http://www.osvdb.org/5753

Url: http://securitytracker.com/id?1015866

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9881

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2004-0234

Url: http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00005.html

Url: http://www.redhat.com/support/errata/RHSA-2004-179.html

Url: http://www.securityfocus.com/bid/10243

Url: http://security.gentoo.org/glsa/glsa-200405-02.xml

Url: http://www.debian.org/security/2004/dsa-515

Url: http://marc.info/?l=bugtraq&m=108422737918885&w=2

Url: http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/020776.html

Url: https://bugzilla.fedora.us/show_bug.cgi?id=1833

Url: https://www.mend.io/vulnerability-database/CVE-2004-0234

Severity Score

9.8

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	10.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2004-0234

Date: May 4, 2004

Severity Score

Related Resources (24)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?