CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43311
https://notcve.org/view.php?id=CVE-2021-43311
A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382. • https://github.com/upx/upx/issues/380 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43316
https://notcve.org/view.php?id=CVE-2021-43316
A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64(). • https://github.com/upx/upx/issues/381 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43314
https://notcve.org/view.php?id=CVE-2021-43314
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368 • https://github.com/upx/upx/issues/380 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-23456 – Upx: heap-buffer-overflow in packtmt::pack()
https://notcve.org/view.php?id=CVE-2023-23456
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. Se descubrió un problema de desbordamiento de búfer de almacenamiento dinámico en UPX en PackTmt::pack() en el archivo p_tmt.cpp. El flujo permite a un atacante provocar una denegación de servicio (aborto) a través de un archivo manipulado. • https://bugzilla.redhat.com/show_bug.cgi?id=2160381 https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4 https://github.com/upx/upx/issues/632 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-23457 – Upx: segv on packlinuxelf64::invert_pt_dynamic() in p_lx_elf.cpp
https://notcve.org/view.php?id=CVE-2023-23457
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. Se encontró una falla de segmentación en UPX en PackLinuxElf64::invert_pt_dynamic() en p_lx_elf.cpp. Un atacante con un archivo de entrada manipulado permite el acceso a una dirección de memoria no válida que podría provocar una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2160382 https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860 https://github.com/upx/upx/issues/631 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •