A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.
References
Link | Resource |
---|---|
https://cwe.mitre.org/data/definitions/126.html | Technical Description |
https://github.com/upx/upx/issues/388 | Exploit Issue Tracking Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE54WKVU7MATB4WZD3MJFBAHFRJ3NTQX/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSQRO7YC72PSYDQG4PQLQYXZTZE3B4YV/ |
Configurations
History
07 Nov 2023, 03:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
26 Oct 2022, 13:48
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://cwe.mitre.org/data/definitions/126.html - Technical Description |
10 Jul 2022, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 May 2021, 19:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JE54WKVU7MATB4WZD3MJFBAHFRJ3NTQX/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSQRO7YC72PSYDQG4PQLQYXZTZE3B4YV/ - Mailing List, Third Party Advisory |
27 May 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
19 May 2021, 03:33
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:upx_project:upx:4.0.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 7.1 |
References | (CONFIRM) https://github.com/upx/upx/issues/388 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
CWE | CWE-125 |
14 May 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-14 21:15
Updated : 2023-12-10 13:55
NVD link : CVE-2020-24119
Mitre link : CVE-2020-24119
CVE.ORG link : CVE-2020-24119
JSON object : View
Products Affected
fedoraproject
- fedora
upx_project
- upx
CWE
CWE-125
Out-of-bounds Read