CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-46179
https://notcve.org/view.php?id=CVE-2021-46179
22 Aug 2023 — Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function. La vulnerabilidad de aserción alcanzable en upx antes de 4.0.0 permite a los atacantes causar una denegación de servicio a través de un archivo manipulado pasado a la función readx. • https://github.com/upx/upx/issues/545 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43311
https://notcve.org/view.php?id=CVE-2021-43311
24 Mar 2023 — A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382. • https://github.com/upx/upx/issues/380 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43312
https://notcve.org/view.php?id=CVE-2021-43312
24 Mar 2023 — A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239. • https://github.com/upx/upx/issues/379 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43313
https://notcve.org/view.php?id=CVE-2021-43313
24 Mar 2023 — A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688. • https://github.com/upx/upx/issues/378 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43314
https://notcve.org/view.php?id=CVE-2021-43314
24 Mar 2023 — A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368 • https://github.com/upx/upx/issues/380 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43315
https://notcve.org/view.php?id=CVE-2021-43315
24 Mar 2023 — A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349 • https://github.com/upx/upx/issues/380 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43316
https://notcve.org/view.php?id=CVE-2021-43316
24 Mar 2023 — A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64(). • https://github.com/upx/upx/issues/381 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43317
https://notcve.org/view.php?id=CVE-2021-43317
24 Mar 2023 — A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404 • https://github.com/upx/upx/issues/380 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-23457 – Upx: segv on packlinuxelf64::invert_pt_dynamic() in p_lx_elf.cpp
https://notcve.org/view.php?id=CVE-2023-23457
12 Jan 2023 — A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. Se encontró una falla de segmentación en UPX en PackLinuxElf64::invert_pt_dynamic() en p_lx_elf.cpp. Un atacante con un archivo de entrada manipulado permite el acceso a una dirección de memoria no válida que podría provocar una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=2160382 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-23456 – Upx: heap-buffer-overflow in packtmt::pack()
https://notcve.org/view.php?id=CVE-2023-23456
12 Jan 2023 — A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. Se descubrió un problema de desbordamiento de búfer de almacenamiento dinámico en UPX en PackTmt::pack() en el archivo p_tmt.cpp. El flujo permite a un atacante provocar una denegación de servicio (aborto) a través de un archivo manipulado. • https://bugzilla.redhat.com/show_bug.cgi?id=2160381 • CWE-787: Out-of-bounds Write •