Lucene search

GoogleOSV:CVE-2020-27801

HistoryAug 25, 2022 - 8:15 p.m.

CVE-2020-27801

2022-08-2520:15:08

Google

osv.dev

cve-2020-27801

heap-based buffer over-read

get_le64 function

upx 4.0.0

mach-o file

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.8%

JSON

A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.

CPENameOperatorVersion
upx-ucleq1.25-4
upx-ucleq1.25-5
upxeq3.02
upx-ucleq3.94-2
upxeq3.93
upx-ucleq4.2.2-1
upxeq2.01
upx-ucleq3.07-3
upx-ucleq3.95-2
upx-ucleq3.94-5

Name	Operator	Version
upx-ucl	eq	1.25-4
upx-ucl	eq	1.25-5
upx	eq	3.02
upx-ucl	eq	3.94-2
upx	eq	3.93
upx-ucl	eq	4.2.2-1
upx	eq	2.01
upx-ucl	eq	3.07-3
upx-ucl	eq	3.95-2
upx-ucl	eq	3.94-5

Rows per page:

1-10 of 871

References

github.com/upx/upx/issues/394

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.8%

JSON

Related for OSV:CVE-2020-27801