EUVD-2020-20298

Malware in sbrugna...

Heap Buffer Overflow

UPX is vulnerable to a heap-based buffer overflow. The vulnerability is due to the variable 'bucket' pointing to an inaccessible address in the function PackLinuxElf32::invertptdynamic at plxelf.cpp which can be exploited by attackers to execute arbitrary code or cause a denial of service...

CVE-2021-43312

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invertptdynamic at plxelf.cpp:5239...

CVE-2021-43313

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invertptdynamic at plxelf.cpp:1688...

CVE-2021-43312

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invertptdynamic at plxelf.cpp:5239...

CVE-2021-43313

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invertptdynamic at plxelf.cpp:1688...

CVE-2021-43312

CVE-2021-43312 is a heap-based buffer overflow in UPX affecting the Linux ELF packing path, specifically PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239. Multiple connected sources (including OSV entries and openSUSE/SUSE advisories) confirm the vulnerability and the affected component, wi...

PT-2023-12430 · Upx +1 · Upx +1

Name of the Vulnerable Software and Affected Versions: upx affected versions not specified Description: A heap-based buffer overflow issue was found in upx. The problem occurs when the variable bucket points to an inaccessible address, triggered in the function PackLinuxElf32::invert pt dynamic a...

CVE-2021-43312

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invertptdynamic at plxelf.cpp:5239...

CVE-2021-43313

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invertptdynamic at plxelf.cpp:1688...

CVE-2021-43313

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invertptdynamic at plxelf.cpp:1688...

SUSE CVE-2020-27787

A Segmentaation fault was found in UPX in invertptdynamic function in plxelf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service...

UBUNTU-CVE-2023-23457

A Segmentation fault was found in UPX in PackLinuxElf64::invertptdynamic in plxelf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service...

DEBIAN-CVE-2020-27796

A heap-based buffer over-read was discovered in the invertptdynamic function in plxelf.cpp in UPX 4.0.0 via a crafted Mach-O file...

CVE-2020-27796

A heap-based buffer over-read was discovered in the invertptdynamic function in plxelf.cpp in UPX 4.0.0 via a crafted Mach-O file...

CVE-2020-27790

A floating point exception issue was discovered in UPX in PackLinuxElf64::invertptdynamic function of plxelf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability...

Design/Logic Flaw

A Segmentaation fault was found in UPX in invertptdynamic function in plxelf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service...

PT-2022-8862 · Upx +1 · Upx +1

Name of the Vulnerable Software and Affected Versions: UPX affected versions not specified Description: A segmentation fault was found in the invert pt dynamic function in p lx elf.cpp. An attacker with a crafted input file can access invalid memory addresses, potentially leading to a denial of...