CVE-2018-11243

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions UPX version 3.95

Description The issue allows remote attackers to cause a denial of service, limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file. This is due to a double free error in the PackLinuxElf64::unpack function in p lx elf.cpp.

Recommendations For UPX version 3.95, consider updating to a newer version that addresses this issue, as the current version may allow for denial of service or other unspecified impacts due to the double free error in the PackLinuxElf64::unpack function.

Exploit

Fix

DoS

Double Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-415

Related Identifiers

ALT-PU-2020-2910

ALT-PU-2020-2930

CVE-2018-11243

MGASA-2020-0096

OPENSUSE-SU-2020:0162-1

OPENSUSE-SU-2020:0163-1

OPENSUSE-SU-2020:0179-1

OPENSUSE-SU-2020:0180-1

OPENSUSE-SU-2020_0162-1

OPENSUSE-SU-2020_0163-1

OPENSUSE-SU-2024:11477-1

OPENSUSE-SU-2024:11486-1

Affected Products

Alt Linux

Suse

Upx

CVE-2018-11243

Weakness Enumeration

Related Identifiers

Affected Products

References · 97