Note:
This project will be discontinued after December 13, 2021. [more]
2019-07-27
An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory.
| Products | Upx |
| Type | Integer Overflow or Wraparound (CWE-190) |
| First patch | - None (likely due to unavailable code) |
| Patches | https://github.com/upx/upx/issues/286 |
| Links |
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T52JATXV6NTPTMGXCRGT37H6KXERYNZN/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCJ43HTM45GZCAQ2FLEBDNBM76V22RG/ |