PT-2019-13592 · Upx+1 · Upx+1
Aheroine
·
Published
2019-07-27
·
Updated
2025-04-11
·
CVE-2019-14295
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
UPX version 3.95
Description
The issue is caused by an integer overflow in the getElfSections function, allowing remote attackers to trigger a denial of service by causing the program to crash. This is achieved by providing a skewed offset larger than the size of the PE section in a UPX packed executable, resulting in an allocation of excessive memory.
Recommendations
For UPX version 3.95, consider updating to a newer version that addresses this issue, as the current version can lead to a denial of service due to excessive memory allocation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Upx