Shodan
Vulnerabilities
Vulnerable Software
Upx:  >> Upx  Security Vulnerabilities
CVE-2020-27787
A Segmentaation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-18
CVE-2020-27790
A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-18
CVE-2021-30500
Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-05-27
CVE-2021-30501
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-05-27
CVE-2020-24119
A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
CVSS Score
7.1
EPSS Score
0.004
Published
2021-05-14
CVE-2021-20285
A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.
CVSS Score
6.6
EPSS Score
0.002
Published
2021-03-26
CVE-2019-20805
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-06-01
CVE-2019-20051
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.
CVSS Score
5.5
EPSS Score
0.003
Published
2019-12-27
CVE-2019-20053
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
CVSS Score
5.5
EPSS Score
0.004
Published
2019-12-27
CVE-2019-20021
A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
CVSS Score
5.5
EPSS Score
0.003
Published
2019-12-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved