CVE-2021-30500 - log back

CVE-2021-30500 edited at 27 May 2021 09:46:49
References
https://bugzilla.redhat.com/show_bug.cgi?id=1948696
- https://github.com/upx/upx/issues/48
+ https://github.com/upx/upx/issues/485
https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc
CVE-2021-30500 edited at 12 Apr 2021 18:56:13
Description
- An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.
+ A null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1948696
- https://github.com/upx/upx/issues/486
+ https://github.com/upx/upx/issues/48
+ https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc
- https://github.com/upx/upx/pull/487
- https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46
CVE-2021-30500 edited at 12 Apr 2021 18:54:23
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1948696
+ https://github.com/upx/upx/issues/486
+ https://github.com/upx/upx/pull/487
+ https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46
CVE-2021-30500 created at 12 Apr 2021 18:53:19
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes