Unrated severityNVD Advisory· Published Oct 6, 2003· Updated Apr 16, 2026

CVE-2003-0826

Description

lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.

Affected products

GNU/Lsh3 versions
cpe:2.3:a:gnu:lsh:1.4:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:gnu:lsh:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:lsh:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:lsh:1.4.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.debian.org/211662nvd
lists.grok.org.uk/pipermail/full-disclosure/2003-September/010496.htmlnvd
lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000120.htmlnvd
marc.infonvd
marc.infonvd
www.debian.org/security/2005/dsa-717nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.022
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000