Aheroine

**Name of the Vulnerable Software and Affected Versions** UPX version 3.95 **Description** The issue is caused by an integer overflow in the getElfSections function, allowing remote attackers to trigger a denial of service by causing the program to crash. This is achieved by providing a skewed offset larger than the size of the PE section in a UPX packed executable, resulting in an allocation of excessive memory. **Recommendations** For UPX version 3.95, consider updating to a newer version that addresses this issue, as the current version can lead to a denial of service due to excessive memory allocation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** UPX version 3.95 **Description** The issue allows remote attackers to cause a denial of service, which may result in a SEGV or buffer overflow, and application crash, via a crafted UPX packed file. The `canUnpack` function in `p vmlinx.cpp` is affected. **Recommendations** For UPX version 3.95, consider avoiding the use of the `canUnpack` function in `p vmlinx.cpp` until a patch is available. As a temporary workaround, restrict the handling of crafted UPX packed files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.