Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

lhaplus

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

8
Related CVEsRelated ProductsRelated AssignersReports
8Vulnerabilities found
CVE-2015-0907
Assigner-JPCERT/CC
ShareView Details
Assigner-JPCERT/CC
CVSS Score-6.8||MEDIUM
EPSS-2.76% / 84.35%
||
7 Day CHG~0.00%
Published-15 Apr, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Lhaplus before 1.70 allows remote attackers to execute arbitrary code via a crafted archive.

Action-Not Available
Vendor-lhaplusn/a
Product-lhaplusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0906
Assigner-JPCERT/CC
ShareView Details
Assigner-JPCERT/CC
CVSS Score-5.8||MEDIUM
EPSS-1.56% / 72.03%
||
7 Day CHG~0.00%
Published-15 Apr, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive.

Action-Not Available
Vendor-lhaplusn/a
Product-lhaplusn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-3158
Assigner-JPCERT/CC
ShareView Details
Assigner-JPCERT/CC
CVSS Score-6.9||MEDIUM
EPSS-0.29% / 21.06%
||
7 Day CHG~0.00%
Published-19 Oct, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse executable file in the current working directory.

Action-Not Available
Vendor-lhaplusn/a
Product-lhaplusn/a
CVE-2010-2368
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.29% / 21.06%
||
7 Day CHG~0.00%
Published-18 Oct, 2010 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

Action-Not Available
Vendor-lhaplusn/a
Product-lhaplusn/a
CVE-2008-2021
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.48% / 87.59%
||
7 Day CHG~0.00%
Published-30 Apr, 2008 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Lhaplus before 1.57 allows remote attackers to execute arbitrary code via a long comment field in a ZOO archive.

Action-Not Available
Vendor-lhaplusn/a
Product-lhaplusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-6175
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-6.6||MEDIUM
EPSS-3.46% / 87.50%
||
7 Day CHG~0.00%
Published-30 Nov, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to execute arbitrary code via a crafted LZH archive, a different vector than CVE-2007-5048.

Action-Not Available
Vendor-lhaplusn/a
Product-lhaplusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-5048
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.12% / 89.48%
||
7 Day CHG~0.00%
Published-24 Sep, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Lhaplus before 1.55 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive.

Action-Not Available
Vendor-lhaplusn/a
Product-lhaplusn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-4033
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-4.76% / 90.73%
||
7 Day CHG~0.00%
Published-09 Aug, 2006 | 22:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize.

Action-Not Available
Vendor-lhaplusn/a
Product-lhaplusn/a