Lucene search

GoogleOSV:CVE-2020-27802

HistoryAug 25, 2022 - 8:15 p.m.

CVE-2020-27802

2022-08-2520:15:08

Google

osv.dev

cve-2020-27802

floating point exception

upx 4.0.0

mach-o file

p_lx_elf.cpp

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

CPENameOperatorVersion
upx-ucleq1.25-4
upx-ucleq1.25-5
upxeq3.02
upx-ucleq3.94-2
upxeq3.93
upx-ucleq4.2.2-1
upxeq2.01
upx-ucleq3.07-3
upx-ucleq3.95-2
upx-ucleq3.94-5

Name	Operator	Version
upx-ucl	eq	1.25-4
upx-ucl	eq	1.25-5
upx	eq	3.02
upx-ucl	eq	3.94-2
upx	eq	3.93
upx-ucl	eq	4.2.2-1
upx	eq	2.01
upx-ucl	eq	3.07-3
upx-ucl	eq	3.95-2
upx-ucl	eq	3.94-5

Rows per page:

1-10 of 871

References

github.com/upx/upx/issues/393

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Related for OSV:CVE-2020-27802