CVE-2004-0771

LHA - Buffer Overflow via Long Working Directory Command Line Option

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0771. PoCs published by Lukasz Wojtow.

AI-analyzed exploit summary This exploit leverages a buffer overflow in LHA's 'extract_one()' function to achieve arbitrary code execution via a return-into-libc technique. It crafts a malicious archive that, when extracted, triggers the vulnerability to execute '/tmp/lhXXXXXX'.

Description

Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Lukasz Wojtow · perlremotelinux
https://www.exploit-db.com/exploits/24120

This exploit leverages a buffer overflow in LHA's 'extract_one()' function to achieve arbitrary code execution via a return-into-libc technique. It crafts a malicious archive that, when extracted, triggers the vulnerability to execute '/tmp/lhXXXXXX'.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: LHA 1.14
No auth needed
Prerequisites: Knowledge of target system's memory addresses for system(), exit(), and the target string
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-323.html
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10354
Issue Tracking x_refsource_misc
http://bugs.gentoo.org/show_bug.cgi?id=51285
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9595
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16196
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/363418
Issue Tracking vendor-advisory x_refsource_fedora
https://bugzilla.fedora.us/show_bug.cgi?id=1833
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200409-13.xml
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-440.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108668791510153

Scores

EPSS 0.1883
EPSS Percentile 96.9%

Details

Status published
Products (3)
tsugio_okamoto/lha 1.14
tsugio_okamoto/lha 1.15
tsugio_okamoto/lha 1.17
Published Nov 23, 2004
Tracked Since Feb 18, 2026