PT-2023-12434 · Upx+1

Published: 2023-03-24 · Updated: 2023-10-22 · CVE-2021-43317

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: upx (affected versions not specified)

Description: A heap-based buffer overflow was discovered in the upx software. The issue arises when the generic pointer 'p' points to an inaccessible address in the get_le32() function. This problem is essentially caused by the PackLinuxElf64::elf_lookup() function at p_lx_elf.cpp:5404.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2021-43317
OPENSUSE-SU-2023:0088-1
ROSA-SA-2023-2260

Affected Products

Debian
Upx