A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
{"nessus": [{"lastseen": "2023-09-06T18:32:14", "description": "The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0031-1 advisory.\n\n - A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.\n (CVE-2023-23457)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-24T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : upx (openSUSE-SU-2023:0031-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-23457"], "modified": "2023-09-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:upx", "cpe:/o:novell:opensuse:15.4"], "id": "OPENSUSE-2023-0031-1.NASL", "href": "https://www.tenable.com/plugins/nessus/170493", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2023:0031-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170493);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/06\");\n\n script_cve_id(\"CVE-2023-23457\");\n\n script_name(english:\"openSUSE 15 Security Update : upx (openSUSE-SU-2023:0031-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-\nSU-2023:0031-1 advisory.\n\n - A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker\n with a crafted input file allows invalid memory address access that could lead to a denial of service.\n (CVE-2023-23457)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207122\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OY3PZTUNJBOAOSBB3625O5WLS7HRY73I/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fb278643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-23457\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected upx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-23457\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:upx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/SuSE/release');\nif (isnull(os_release) || os_release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar _os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:os_release);\nif (isnull(_os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\n_os_ver = _os_ver[1];\nif (os_release !~ \"^(SUSE15\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.4', os_release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + _os_ver, cpu);\n\nvar pkgs = [\n {'reference':'upx-4.0.1-bp154.4.3.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var _cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (rpm_check(release:_release, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'upx');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-07T18:16:16", "description": "The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-89fdc22ace advisory.\n\n - A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. (CVE-2023-23456)\n\n - A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.\n (CVE-2023-23457)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-22T00:00:00", "type": "nessus", "title": "Fedora 37 : upx (2023-89fdc22ace)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-23456", "CVE-2023-23457"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:37", "p-cpe:/a:fedoraproject:fedora:upx"], "id": "FEDORA_2023-89FDC22ACE.NASL", "href": "https://www.tenable.com/plugins/nessus/170264", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2023-89fdc22ace\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170264);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\"CVE-2023-23456\", \"CVE-2023-23457\");\n script_xref(name:\"FEDORA\", value:\"2023-89fdc22ace\");\n\n script_name(english:\"Fedora 37 : upx (2023-89fdc22ace)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2023-89fdc22ace advisory.\n\n - A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow\n allows an attacker to cause a denial of service (abort) via a crafted file. (CVE-2023-23456)\n\n - A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker\n with a crafted input file allows invalid memory address access that could lead to a denial of service.\n (CVE-2023-23457)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2023-89fdc22ace\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected upx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-23457\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:37\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:upx\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^37([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 37', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'upx-4.0.1-2.fc37', 'release':'FC37', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'upx');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-07T18:17:55", "description": "The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8d91390935 advisory.\n\n - A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. (CVE-2023-23456)\n\n - A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.\n (CVE-2023-23457)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-01-22T00:00:00", "type": "nessus", "title": "Fedora 36 : upx (2023-8d91390935)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-23456", "CVE-2023-23457"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "p-cpe:/a:fedoraproject:fedora:upx"], "id": "FEDORA_2023-8D91390935.NASL", "href": "https://www.tenable.com/plugins/nessus/170258", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2023-8d91390935\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170258);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\"CVE-2023-23456\", \"CVE-2023-23457\");\n script_xref(name:\"FEDORA\", value:\"2023-8d91390935\");\n\n script_name(english:\"Fedora 36 : upx (2023-8d91390935)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2023-8d91390935 advisory.\n\n - A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow\n allows an attacker to cause a denial of service (abort) via a crafted file. (CVE-2023-23456)\n\n - A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker\n with a crafted input file allows invalid memory address access that could lead to a denial of service.\n (CVE-2023-23457)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2023-8d91390935\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected upx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-23457\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:upx\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nvar pkgs = [\n {'reference':'upx-4.0.1-2.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'upx');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:46:04", "description": "The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0088-1 advisory.\n\n - A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability. (CVE-2021-20285)\n\n - Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0.\n That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.\n (CVE-2021-30500)\n\n - An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file. (CVE-2021-30501)\n\n - A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382. (CVE-2021-43311)\n\n - A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239. (CVE-2021-43312)\n\n - A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688. (CVE-2021-43313)\n\n - A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368 (CVE-2021-43314)\n\n - A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349 (CVE-2021-43315)\n\n - A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64(). (CVE-2021-43316)\n\n - A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404 (CVE-2021-43317)\n\n - A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. (CVE-2023-23456)\n\n - A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.\n (CVE-2023-23457)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-04-12T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : upx (openSUSE-SU-2023:0088-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20285", "CVE-2021-30500", "CVE-2021-30501", "CVE-2021-43311", "CVE-2021-43312", "CVE-2021-43313", "CVE-2021-43314", "CVE-2021-43315", "CVE-2021-43316", "CVE-2021-43317", "CVE-2023-23456", "CVE-2023-23457"], "modified": "2023-04-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:upx", "cpe:/o:novell:opensuse:15.4"], "id": "OPENSUSE-2023-0088-1.NASL", "href": "https://www.tenable.com/plugins/nessus/174145", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2023:0088-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(174145);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/19\");\n\n script_cve_id(\n \"CVE-2021-20285\",\n \"CVE-2021-30500\",\n \"CVE-2021-30501\",\n \"CVE-2021-43311\",\n \"CVE-2021-43312\",\n \"CVE-2021-43313\",\n \"CVE-2021-43314\",\n \"CVE-2021-43315\",\n \"CVE-2021-43316\",\n \"CVE-2021-43317\",\n \"CVE-2023-23456\",\n \"CVE-2023-23457\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : upx (openSUSE-SU-2023:0088-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nopenSUSE-SU-2023:0088-1 advisory.\n\n - A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial\n of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via\n a crafted ELF. The highest threat from this vulnerability is to system availability. (CVE-2021-20285)\n\n - Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0.\n That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.\n (CVE-2021-30500)\n\n - An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows\n attackers to cause a denial of service (abort) via a crafted file. (CVE-2021-30501)\n\n - A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an\n inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup()\n at p_lx_elf.cpp:5382. (CVE-2021-43311)\n\n - A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible\n address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at\n p_lx_elf.cpp:5239. (CVE-2021-43312)\n\n - A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible\n address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at\n p_lx_elf.cpp:1688. (CVE-2021-43313)\n\n - A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an\n inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup()\n at p_lx_elf.cpp:5368 (CVE-2021-43314)\n\n - A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an\n inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup()\n at p_lx_elf.cpp:5349 (CVE-2021-43315)\n\n - A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an\n inaccessible address in func get_le64(). (CVE-2021-43316)\n\n - A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an\n inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup()\n at p_lx_elf.cpp:5404 (CVE-2021-43317)\n\n - A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow\n allows an attacker to cause a denial of service (abort) via a crafted file. (CVE-2023-23456)\n\n - A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker\n with a crafted input file allows invalid memory address access that could lead to a denial of service.\n (CVE-2023-23457)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1207122\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1209765\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1209766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1209767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1209768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1209769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1209770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1209771\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XLSYENIWX7YMHJJKVRBH2CPDXM5X3IW6/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?599e7773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43311\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43316\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-23456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2023-23457\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected upx package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20285\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30500\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:upx\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/SuSE/release');\nif (isnull(os_release) || os_release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar _os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:os_release);\nif (isnull(_os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\n_os_ver = _os_ver[1];\nif (os_release !~ \"^(SUSE15\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.4', os_release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + _os_ver, cpu);\n\nvar pkgs = [\n {'reference':'upx-4.0.2-bp154.4.6.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var _cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (rpm_check(release:_release, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'upx');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2023-12-01T20:44:25", "description": "upx is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the segmentation fault in the `PackLinuxElf64::invert_pt_dynamic()` function of `p_lx_elf.cpp` which leads to invalid memory address access, allowing an attacker to cause an application crash \n", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2023-02-08T18:05:41", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-23457"], "modified": "2023-11-07T21:36:34", "id": "VERACODE:39170", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-39170/summary", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-11-20T22:43:40", "description": "A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2023-01-12T19:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-23457"], "modified": "2023-01-23T15:06:00", "id": "PRION:CVE-2023-23457", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2023-23457", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}], "alpinelinux": [{"lastseen": "2023-11-30T17:25:03", "description": "A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2023-01-12T19:15:24", "type": "alpinelinux", "title": "CVE-2023-23457", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-23457"], "modified": "2023-11-07T04:07:43", "id": "ALPINE:CVE-2023-23457", "href": "https://security.alpinelinux.org/vuln/CVE-2023-23457", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-01T13:23:36", "description": "A Segmentation fault was found in UPX in\nPackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a\ncrafted input file allows invalid memory address access that could lead to\na denial of service.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2023-01-12T00:00:00", "type": "ubuntucve", "title": "CVE-2023-23457", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-23457"], "modified": "2023-01-12T00:00:00", "id": "UB:CVE-2023-23457", "href": "https://ubuntu.com/security/CVE-2023-23457", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-11-30T16:58:10", "description": "A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2023-01-12T19:15:24", "type": "cve", "title": "CVE-2023-23457", "cwe": ["CWE-119", "CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-23457"], "modified": "2023-11-07T04:07:43", "cpe": [], "id": "CVE-2023-23457", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23457", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": []}], "fedora": [{"lastseen": "2023-11-30T21:22:02", "description": "UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks. ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2023-01-22T01:47:43", "type": "fedora", "title": "[SECURITY] Fedora 37 Update: upx-4.0.1-2.fc37", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-23456", "CVE-2023-23457"], "modified": "2023-01-22T01:47:43", "id": "FEDORA:F3BC93045B60", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ/", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-11-30T21:22:02", "description": "UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks. ", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2023-01-22T01:52:25", "type": "fedora", "title": "[SECURITY] Fedora 36 Update: upx-4.0.1-2.fc36", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-23456", "CVE-2023-23457"], "modified": "2023-01-22T01:52:25", "id": "FEDORA:A804730459B0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI/", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2023-12-02T20:47:31", "description": "Denial of service due to heap-based buffer overflow issue in UPX in PackTmt::pack() in p_tmt.cpp file. (CVE-2023-23456) Denial of service due to segmentation fault in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. (CVE-2023-23457) \n", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}}, "published": "2023-02-21T00:25:36", "type": "mageia", "title": "Updated upx packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-23456", "CVE-2023-23457"], "modified": "2023-02-21T00:25:36", "id": "MGASA-2023-0052", "href": "https://advisories.mageia.org/MGASA-2023-0052.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}], "rosalinux": [{"lastseen": "2023-12-03T21:44:03", "description": "software: upx 4.0.2\nOS: ROSA-CHROME\n\npackage_evr_string: upx-4.0.2-1.src.rpm\n\nCVE-ID: CVE-2019-20805\nBDU-ID: None\nCVE-Crit: MEDIUM\nCVE-DESC.: p_lx_elf.cpp in UPX before version 3.96 has an integer overflow during unpacking via created values in the PT_DYNAMIC segment. \nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update upx\n\nCVE-ID: CVE-2020-27787\nBDU-ID: None\nCVE-Crit: MEDIUM\nCVE-DESC.: A segmentation error was detected in UPX in the invert_pt_dynamic() function in p_lx_elf.cpp. An attacker using the created input file allows access to an invalid memory address, which may result in a denial of service. \nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update upx\n\nCVE-ID: CVE-2020-27788\nBDU-ID: None\nCVE-Crit: MEDIUM\nCVE-DESC.: An out-of-bounds read access vulnerability was discovered in UPX in the PackLinuxElf64::canPack() function of the p_lx_elf.cpp file. An attacker with a crafted input file could cause this issue, which could cause a crash leading to a denial of service. \nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update upx\n\nCVE-ID: CVE-2020-27790\nBDU-ID: None\nCVE-Crit: MEDIUM\nCVE-DESC.: A floating-point exception problem was discovered in UPX in the PackLinuxElf64::invert_pt_dynamic() function of the p_lx_elf.cpp file. An attacker with a crafted input file can cause this problem, which can cause a crash leading to a denial of service. The biggest impact is accessibility.\n\nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update upx\n\nCVE-ID: CVE-2021-43311\nBDU-ID: None\nCVE-Crit: HIGH\nCVE-DESC.: A heap buffer overflow was detected in upx when the shared pointer \"p\" points to an unreachable address in get_le32(). The problem essentially occurs in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382. \nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update upx\n\nCVE-ID: CVE-2021-43312\nBDU-ID: None\nCVE-Crit: HIGH\nCVE-DESC.: A heap buffer overflow was detected in upx when the \"bucket\" variable points to an unreachable address. The problem occurs in the PackLinuxElf64::invert_pt_dynamic function at p_lx_elf.cpp:5239. \nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update upx\n\nCVE-ID: CVE-2021-43313\nBDU-ID: None\nCVE-Crit: HIGH\nCVE-DESC.: A heap buffer overflow was detected in upx when the \"bucket\" variable points to an unreachable address. The problem occurs in the PackLinuxElf32::invert_pt_dynamic function at p_lx_elf.cpp:1688. \nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update upx\n\nCVE-ID: CVE-2021-43314\nBDU-ID: None\nCVE-Crit: HIGH\nCVE-DESC.: A heap buffer overflow was detected in upx when the shared pointer \"p\" points to an unreachable address in get_le32(). The problem essentially occurs in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368. \nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update upx\n\nCVE-ID: CVE-2021-43315\nBDU-ID: None\nCVE-Crit: HIGH\nCVE-DESC.: A heap buffer overflow was detected in upx when the shared pointer \"p\" points to an unreachable address in get_le32(). The problem essentially occurs in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349. \nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update upx\n\nCVE-ID: CVE-2021-43316\nBDU-ID: None\nCVE-Crit: HIGH\nCVE-DESC.: A heap buffer overflow was detected in upx when the shared pointer \"p\" points to an unreachable address in get_le64(). \nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update upx\n\nCVE-ID: CVE-2021-43317\nBDU-ID: None\nCVE-Crit: HIGH\nCVE-DESC.: A heap buffer overflow was detected in upx when the shared pointer \"p\" points to an unreachable address in get_le32(). The problem essentially occurs in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404. \nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update upx\n\nCVE-ID: CVE-2023-23456\nBDU-ID: None\nCVE-Crit: MEDIUM\nCVE-DESC.: A heap buffer overflow problem was discovered in UPX in PackTmt::pack() in p_tmt.cpp. This thread allows an attacker to cause a denial of service (interrupt) using the file created. \nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update upx\n\nCVE-ID: CVE-2023-23457\nBDU-ID: None\nCVE-Crit: MEDIUM\nCVE-DESC.: A segmentation error was detected in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker using a crafted input file allows access to an invalid memory address, which may result in a denial of service. \nCVE-STATUS: Fixed\nCVE-REV: To close, run the command: sudo dnf update upx\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-10-22T05:19:12", "type": "rosalinux", "title": "Advisory ROSA-SA-2023-2260", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20805", "CVE-2020-27787", "CVE-2020-27788", "CVE-2020-27790", "CVE-2021-43311", "CVE-2021-43312", "CVE-2021-43313", "CVE-2021-43314", "CVE-2021-43315", "CVE-2021-43316", "CVE-2021-43317", "CVE-2023-23456", "CVE-2023-23457"], "modified": "2023-10-22T05:19:12", "id": "ROSA-SA-2023-2260", "href": "https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2260", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
CVE-2023-23457
