) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:upx_project:upx:4.0.0:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-23457 |
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. Published: January 12, 2023; 2:15:24 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2023-23456 |
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. Published: January 12, 2023; 2:15:24 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2020-27802 |
An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. Published: August 25, 2022; 4:15:08 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2020-27801 |
A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file. Published: August 25, 2022; 4:15:08 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2020-27800 |
A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file. Published: August 25, 2022; 4:15:08 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2020-27799 |
A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file. Published: August 25, 2022; 4:15:08 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2020-27798 |
An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. Published: August 25, 2022; 4:15:08 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2020-27797 |
An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. Published: August 25, 2022; 4:15:08 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2020-27796 |
A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. Published: August 25, 2022; 4:15:08 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2021-30501 |
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file. Published: May 26, 2021; 8:15:08 PM -0400 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2021-30500 |
Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file. Published: May 26, 2021; 8:15:08 PM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2020-24119 |
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect. Published: May 14, 2021; 5:15:07 PM -0400 |
V4.0:(not available) V3.1: 7.1 HIGH V2.0: 5.8 MEDIUM |