UPX 4.0.0 Security Vulnerabilities
A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.
CVSS Score: 3.3
EPSS Score: 0.0
Published: 2025-03-27
A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score: 5.5
EPSS Score: 0.003
Published: 2024-04-02
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in the p_tmt.cpp file. The flaw allows an attacker to cause a denial of service (abort) via a crafted file.
CVSS Score: 5.3
EPSS Score: 0.0
Published: 2023-01-12
A segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. A crafted input file allows an attacker to trigger an invalid memory address access that could lead to a denial of service.
CVSS Score: 5.3
EPSS Score: 0.0
Published: 2023-01-12
A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2022-08-25
An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2022-08-25
An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2022-08-25
A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2022-08-25
A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2022-08-25
A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.
CVSS Score: 7.8
EPSS Score: 0.0
Published: 2022-08-25

