AVG-1676 log

Package upx
Status Vulnerable
Severity Medium
Type multiple issues
Affected 3.96-2
Fixed Unknown
Current 3.96-2 [community]
Ticket Create
Created Thu Mar 11 14:56:02 2021
Issue Severity Remote Type Description
CVE-2021-30501 Low No Denial of service
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via...
CVE-2021-30500 Low No Denial of service
A null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code...
CVE-2021-20285 Low No Denial of service
A security issue was found in upx canPack in p_lx_elf.cpp in UPX 3.96 that allows attackers to cause a denial of service (SEGV or buffer overflow, and...
CVE-2020-24119 Medium No Information disclosure
A heap buffer overflow read was discovered in upx 3.96 because the check in p_lx_elf.cpp is not perfect.