Vulnerability Details CVE-2021-43312
A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.4%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2021-43312
-
cpe:2.3:a:upx:upx:-
-
cpe:2.3:a:upx:upx:1.10
-
cpe:2.3:a:upx:upx:1.11
-
cpe:2.3:a:upx:upx:1.90
-
cpe:2.3:a:upx:upx:1.91
-
cpe:2.3:a:upx:upx:1.92
-
cpe:2.3:a:upx:upx:1.93
-
cpe:2.3:a:upx:upx:1.94
-
cpe:2.3:a:upx:upx:1.95
-
cpe:2.3:a:upx:upx:1.96
-
cpe:2.3:a:upx:upx:2.00
-
cpe:2.3:a:upx:upx:2.01
-
cpe:2.3:a:upx:upx:2.90
-
cpe:2.3:a:upx:upx:2.91
-
cpe:2.3:a:upx:upx:2.92
-
cpe:2.3:a:upx:upx:2.93
-
cpe:2.3:a:upx:upx:3.00
-
cpe:2.3:a:upx:upx:3.01
-
cpe:2.3:a:upx:upx:3.02
-
cpe:2.3:a:upx:upx:3.03
-
cpe:2.3:a:upx:upx:3.04
-
cpe:2.3:a:upx:upx:3.05
-
cpe:2.3:a:upx:upx:3.06
-
cpe:2.3:a:upx:upx:3.07
-
cpe:2.3:a:upx:upx:3.08
-
cpe:2.3:a:upx:upx:3.09
-
cpe:2.3:a:upx:upx:3.91
-
cpe:2.3:a:upx:upx:3.92
-
cpe:2.3:a:upx:upx:3.93
-
cpe:2.3:a:upx:upx:3.94
-
cpe:2.3:a:upx:upx:3.95
-
cpe:2.3:a:upx:upx:3.96