upx

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Extendable, high-performance executable packer for several executable formats
Version	4.2.3-1 [extra]

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1676	3.96-2		Medium	Vulnerable

Issue	Group	Severity	Remote	Type	Description
CVE-2021-30501	AVG-1676	Low	No	Denial of service	An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via...
CVE-2021-30500	AVG-1676	Low	No	Denial of service	A null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code...
CVE-2021-20285	AVG-1676	Low	No	Denial of service	A security issue was found in upx canPack in p_lx_elf.cpp in UPX 3.96 that allows attackers to cause a denial of service (SEGV or buffer overflow, and...
CVE-2020-24119	AVG-1676	Medium	No	Information disclosure	A heap buffer overflow read was discovered in upx 3.96 because the check in p_lx_elf.cpp is not perfect.