Shodan
Vulnerabilities
Vulnerable Software
Upx:  >> Upx  >> 3.95  Security Vulnerabilities
CVE-2023-23456
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-01-12
CVE-2023-23457
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-01-12
CVE-2020-27788
An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-18
CVE-2020-27787
A Segmentaation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-18
CVE-2020-27790
A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-18
CVE-2019-20805
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-06-01
CVE-2019-20051
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.
CVSS Score
5.5
EPSS Score
0.003
Published
2019-12-27
CVE-2019-20053
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
CVSS Score
5.5
EPSS Score
0.004
Published
2019-12-27
CVE-2019-20021
A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
CVSS Score
5.5
EPSS Score
0.003
Published
2019-12-27
CVE-2019-14295
An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory.
CVSS Score
5.5
EPSS Score
0.003
Published
2019-07-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved