Description
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.
References (5)
Core 5
Core References
Patch vendor-advisory
x_refsource_fedora
https://bugzilla.fedora.us/show_bug.cgi?id=2155
Patch, Vendor Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200410-01.xml
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11298
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-377.html
Scores
EPSS
0.0185
EPSS Percentile
83.2%
Details
Status
published
Products (2)
gnu/sharutils
4.2
gnu/sharutils
4.2.1
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026