Shodan
Vulnerabilities
Vulnerable Software
Upx:  >> Upx  >> 3.94  Security Vulnerabilities
CVE-2023-23456
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-01-12
CVE-2023-23457
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-01-12
CVE-2020-27788
An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-18
CVE-2020-27787
A Segmentaation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-18
CVE-2020-27790
A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-18
CVE-2019-20805
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-06-01
CVE-2017-16869
p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-11-17
CVE-2017-15056
p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack().
CVSS Score
7.8
EPSS Score
0.002
Published
2017-10-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved