A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=2160382 | Issue Tracking Patch Third Party Advisory |
https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860 | Patch Third Party Advisory |
https://github.com/upx/upx/issues/631 | Exploit Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ/ |
Configurations
History
19 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Nov 2023, 04:07
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
23 Jan 2023, 15:06
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-119 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2160382 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://github.com/upx/upx/issues/631 - Exploit, Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI/ - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860 - Patch, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ/ - Mailing List, Third Party Advisory | |
First Time |
Fedoraproject
Fedoraproject fedora Upx Project upx Upx Project |
|
CPE | cpe:2.3:a:upx_project:upx:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
22 Jan 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Jan 2023, 19:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-12 19:15
Updated : 2024-04-19 14:15
NVD link : CVE-2023-23457
Mitre link : CVE-2023-23457
CVE.ORG link : CVE-2023-23457
JSON object : View
Products Affected
upx_project
- upx
fedoraproject
- fedora
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer