CVE-2021-30500

Name of the Vulnerable Software and Affected Versions UPX version 4.0.0

Description A null pointer dereference was found in the PackLinuxElf::canUnpack() function in p lx elf.cpp, which can allow attackers to execute arbitrary code and cause a denial of service via a crafted file. This issue may also enable remote attackers to access confidential data, compromise its integrity, and disrupt service.

Recommendations For UPX version 4.0.0, consider disabling the PackLinuxElf::canUnpack() function until a patch is available to prevent potential exploitation. Restrict access to crafted files that could trigger the null pointer dereference to minimize the risk of denial of service or arbitrary code execution.