PT-2024-4252 · Upx+1

Alkaidlx · Published 2024-04-02 · Updated 2025-04-25 · CVE-2024-3209

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

UPX versions up to 4.2.2

Description

A critical issue affects the get_ne64 function of the bele.h file, leading to a heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations

For UPX versions up to 4.2.2, as a temporary workaround, consider disabling the get_ne64 function until a patch is available. Restrict access to the bele.h file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Heap Based Buffer Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-04739
CVE-2024-3209
MGASA-2024-0134

Affected Products

Debian
Upx