UPX Project UPX (Ultimate Packer for eXecutables) 3.03

CPE Details

UPX Project UPX (Ultimate Packer for eXecutables) 3.03
upx_project
upx
3.03
2019-10-17
10h34 +00:00
2019-10-17
10h34 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:upx_project:upx:3.03:*:*:*:*:*:*:*

Informations

Vendor

upx_project

Product

upx

Version

3.03

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-46179 2023-08-21 22h00 +00:00 Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function.
6.5
Medium
CVE-2021-43311 2023-03-24 00h00 +00:00 A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.
7.5
High
CVE-2021-43312 2023-03-24 00h00 +00:00 A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.
7.5
High
CVE-2021-43313 2023-03-24 00h00 +00:00 A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.
7.5
High
CVE-2021-43314 2023-03-24 00h00 +00:00 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368
7.5
High
CVE-2021-43315 2023-03-24 00h00 +00:00 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349
7.5
High
CVE-2021-43316 2023-03-24 00h00 +00:00 A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64().
7.5
High
CVE-2021-43317 2023-03-24 00h00 +00:00 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404
7.5
High
CVE-2023-23456 2023-01-11 23h00 +00:00 A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.
5.5
Medium
CVE-2023-23457 2023-01-11 23h00 +00:00 A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
5.5
Medium
CVE-2020-27788 2022-08-18 17h05 +00:00 An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service.
5.5
Medium
CVE-2020-27790 2022-08-18 16h57 +00:00 A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.
5.5
Medium
CVE-2020-27787 2022-08-18 16h34 +00:00 A Segmentaation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
5.5
Medium
CVE-2019-20805 2020-06-01 11h50 +00:00 p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.
5.5
Medium