UPX Project UPX (Ultimate Packer for eXecutables) 3.96

CPE Details

UPX Project UPX (Ultimate Packer for eXecutables) 3.96
upx_project
upx
3.96
2020-06-02
11h14 +00:00
2020-06-02
11h14 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:upx_project:upx:3.96:*:*:*:*:*:*:*

Informations

Vendor

upx_project

Product

upx

Version

3.96

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-46179 2023-08-21 22h00 +00:00 Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function.
6.5
Medium
CVE-2021-43311 2023-03-24 00h00 +00:00 A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.
7.5
High
CVE-2021-43312 2023-03-24 00h00 +00:00 A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.
7.5
High
CVE-2021-43313 2023-03-24 00h00 +00:00 A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.
7.5
High
CVE-2021-43314 2023-03-24 00h00 +00:00 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368
7.5
High
CVE-2021-43315 2023-03-24 00h00 +00:00 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349
7.5
High
CVE-2021-43316 2023-03-24 00h00 +00:00 A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64().
7.5
High
CVE-2021-43317 2023-03-24 00h00 +00:00 A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404
7.5
High
CVE-2023-23456 2023-01-11 23h00 +00:00 A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.
5.5
Medium
CVE-2023-23457 2023-01-11 23h00 +00:00 A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
5.5
Medium
CVE-2021-20285 2021-03-26 15h35 +00:00 A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.
6.6
Medium