History: Oct 22, 2023 - 5:19 a.m.

Advisory ROSA-SA-2023-2260

2023-10-22 05:19:12
ROSA LAB
abf.rosalinux.ru
Tags: security, upx, rosa-chrome, medium severity, high severity, heap buffer overflow, segmentation error

CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 32.0%)

software: upx 4.0.2
OS: ROSA-CHROME

package_evr_string: upx-4.0.2-1.src.rpm

CVE-ID: CVE-2019-20805
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: p_lx_elf.cpp in UPX before version 3.96 has an integer overflow during unpacking via crafted values in the PT_DYNAMIC segment.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update upx

CVE-ID: CVE-2020-27787
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A segmentation fault was detected in UPX in the invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file can trigger access to an invalid memory address, which may result in a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update upx

CVE-ID: CVE-2020-27788
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: An out-of-bounds read vulnerability was discovered in UPX in the PackLinuxElf64::canPack() function of the p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue, which could cause a crash leading to a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update upx

CVE-ID: CVE-2020-27790
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A floating-point exception was discovered in UPX in the PackLinuxElf64::invert_pt_dynamic() function of the p_lx_elf.cpp file. An attacker with a crafted input file can trigger this issue, which can cause a crash leading to a denial of service. The highest impact is to availability.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update upx

CVE-ID: CVE-2021-43311
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A heap buffer overflow was detected in upx when the generic pointer “p” points to an inaccessible address in get_le32(). The problem occurs in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update upx

CVE-ID: CVE-2021-43312
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A heap buffer overflow was detected in upx when the “bucket” variable points to an inaccessible address. The problem occurs in the PackLinuxElf64::invert_pt_dynamic function at p_lx_elf.cpp:5239.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update upx

CVE-ID: CVE-2021-43313
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A heap buffer overflow was detected in upx when the “bucket” variable points to an inaccessible address. The problem occurs in the PackLinuxElf32::invert_pt_dynamic function at p_lx_elf.cpp:1688.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update upx

CVE-ID: CVE-2021-43314
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A heap buffer overflow was detected in upx when the generic pointer “p” points to an inaccessible address in get_le32(). The problem occurs in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update upx

CVE-ID: CVE-2021-43315
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A heap buffer overflow was detected in upx when the generic pointer “p” points to an inaccessible address in get_le32(). The problem occurs in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update upx

CVE-ID: CVE-2021-43316
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A heap buffer overflow was detected in upx when the generic pointer “p” points to an inaccessible address in get_le64().
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update upx

CVE-ID: CVE-2021-43317
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A heap buffer overflow was detected in upx when the generic pointer “p” points to an inaccessible address in get_le32(). The problem occurs in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update upx

CVE-ID: CVE-2023-23456
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A heap buffer overflow was discovered in UPX in PackTmt::pack() in p_tmt.cpp. This flaw allows an attacker to cause a denial of service (abort) via a crafted file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update upx

CVE-ID: CVE-2023-23457
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A segmentation fault was detected in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file can trigger access to an invalid memory address, which may result in a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update upx

OS    Version  Architecture  Package  Version  Filename
ROSA  any      noarch        upx      < 4.0.2  UNKNOWN
