CVE-2003-0826

EPSS 27.3%

lsh-utils - buffer overflow, typo

Published: 10/6/2003Modified: 4/28/2026

Description

lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.

Affected packages (2)

Debian/lsh-utilsfrom 0, < 1.4.2-6
Debian/lsh-utilsfrom 0, < 1.2.5-2woody3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2003-0826