CVE-2005-3862

Unalz - Buffer Overflow

Title source: rule

Description

Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ulf Harnhammar · perldoslinux

https://www.exploit-db.com/exploits/26601

View Code ZIP pw:eip

References (9)

[Third Party Advisory, VDB Entry] http://www.osvdb.org/21160

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/2604

[Exploit, Patch] http://www.securityfocus.com/bid/15577

[Third Party Advisory] http://secunia.com/advisories/18665

[Patch, Vendor Advisory] http://secunia.com/advisories/17774

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/23267

[Various Sources] http://www.kipple.pe.kr/win/unalz/

[Vendor Advisory] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340842

[Third Party Advisory] http://www.debian.org/security/2006/dsa-959

Scores

EPSS 0.3578

EPSS Percentile 97.1%

Details

Status published

Products (9)

unalz/unalz 0.2

unalz/unalz 0.3

unalz/unalz 0.4

unalz/unalz 0.5

unalz/unalz 0.22

unalz/unalz 0.23

unalz/unalz 0.31

unalz/unalz 0.51

unalz/unalz 0.52

Published Nov 29, 2005

Tracked Since Feb 18, 2026