Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
na/

UPX

8 Versions 21 CVEs

Versions

UPX 3.96

OTHER 1 CVE

upx 4.0.0-git-87b73e5cfdc1+

OTHER 7 CVEs

upx 4.0

OTHER 2 CVEs

Fixed in v3.96.

OTHER 3 CVEs

upx before 4.0.0-git-c6b9e3c62d15

OTHER 7 CVEs

4.2.2

SEMANTIC 1 CVE

4.2.1

SEMANTIC 1 CVE

4.2.0

SEMANTIC 1 CVE

Recent CVEs

CVE-2024-3209

A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

MEDIUM Apr 02, 2024

CVE-2021-43313

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.

UNKNOWN Mar 24, 2023

CVE-2021-43312

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.

UNKNOWN Mar 24, 2023

CVE-2021-43317

A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404

UNKNOWN Mar 24, 2023

CVE-2021-43314

A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368

UNKNOWN Mar 24, 2023

CVE-2021-43316

A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64().

UNKNOWN Mar 24, 2023

CVE-2021-43315

A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349

UNKNOWN Mar 24, 2023

CVE-2021-43311

A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.

UNKNOWN Mar 24, 2023

CVE-2020-27801

A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.

UNKNOWN Aug 25, 2022

CVE-2020-27796

A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

UNKNOWN Aug 25, 2022