Show filters
33 Total Results
Displaying 1-10 of 33
Sort by:
Attacker Value
Unknown

CVE-2021-46179

Disclosure Date: August 22, 2023 (last updated October 08, 2023)
Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function.
Attacker Value
Unknown

CVE-2021-43317

Disclosure Date: March 24, 2023 (last updated October 08, 2023)
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404
Attacker Value
Unknown

CVE-2021-43316

Disclosure Date: March 24, 2023 (last updated October 08, 2023)
A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64().
Attacker Value
Unknown

CVE-2021-43315

Disclosure Date: March 24, 2023 (last updated October 08, 2023)
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349
Attacker Value
Unknown

CVE-2021-43314

Disclosure Date: March 24, 2023 (last updated October 08, 2023)
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368
Attacker Value
Unknown

CVE-2021-43313

Disclosure Date: March 24, 2023 (last updated October 08, 2023)
A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.
Attacker Value
Unknown

CVE-2021-43312

Disclosure Date: March 24, 2023 (last updated October 08, 2023)
A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.
Attacker Value
Unknown

CVE-2021-43311

Disclosure Date: March 24, 2023 (last updated October 08, 2023)
A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.
Attacker Value
Unknown

CVE-2023-23457

Disclosure Date: January 12, 2023 (last updated April 19, 2024)
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
Attacker Value
Unknown

CVE-2023-23456

Disclosure Date: January 12, 2023 (last updated April 19, 2024)
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.