Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2024-3209
HistoryApr 02, 2024 - 11:15 p.m.

CVE-2024-3209

2024-04-0223:15:55
CWE-122
[email protected]
web.nvd.nist.gov
39
upx
critical
buffer overflow
get_ne64
vdb-259055
disclosure
public exploit

5.2 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

5.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.5%

JSON

A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected configurations

Vulners
Node
upx_projectupxMatch4.2.0
OR
upx_projectupxMatch4.2.1
OR
upx_projectupxMatch4.2.2
VendorProductVersionCPE
upx_projectupx4.2.0cpe:2.3:a:upx_project:upx:4.2.0:*:*:*:*:*:*:*
upx_projectupx4.2.1cpe:2.3:a:upx_project:upx:4.2.1:*:*:*:*:*:*:*
upx_projectupx4.2.2cpe:2.3:a:upx_project:upx:4.2.2:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "UPX",
    "versions": [
      {
        "version": "4.2.0",
        "status": "affected"
      },
      {
        "version": "4.2.1",
        "status": "affected"
      },
      {
        "version": "4.2.2",
        "status": "affected"
      }
    ]
  }
]

Related

nessus 3
cvelist 1
alpinelinux 1
fedora 3
mageia 1
nvd 1
openvas 2
ubuntucve 1
debiancve 1
nessus
nessus
Fedora 39 : upx (2024-fb0dbe3373)
2024-04-05 00:00:00
Fedora 38 : upx (2024-70ee97033b)
2024-04-12 00:00:00
Fedora 40 : upx (2024-df5322cd61)
2024-04-29 00:00:00
cvelist
cvelist
CVE-2024-3209 UPX bele.h get_ne64 heap-based overflow
2024-04-02 23:00:05
alpinelinux
alpinelinux
CVE-2024-3209
2024-04-02 23:15:55
fedora
fedora
[SECURITY] Fedora 38 Update: upx-4.2.3-1.fc38
2024-04-12 01:15:49
[SECURITY] Fedora 39 Update: upx-4.2.3-1.fc39
2024-04-06 01:42:42
[SECURITY] Fedora 40 Update: upx-4.2.3-1.fc40
2024-04-19 21:39:23
mageia
mageia
Updated upx packages fix security vulnerability
2024-04-15 21:21:57
nvd
nvd
CVE-2024-3209
2024-04-02 23:15:55
openvas
openvas
Fedora: Security Advisory for upx (FEDORA-2024-df5322cd61)
2024-05-27 00:00:00
Mageia: Security Advisory (MGASA-2024-0134)
2024-04-16 00:00:00
ubuntucve
ubuntucve
CVE-2024-3209
2024-04-02 00:00:00
debiancve
debiancve
CVE-2024-3209
2024-04-02 23:15:55

5.2 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:P/I:P/A:P

5.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.5%

JSON
Related for CVE-2024-3209
nessus3cvelist1alpinelinux1fedora3mageia1nvd1openvas2ubuntucve1debiancve1