CVE-2021-43317

A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404
References
Link Resource
https://github.com/upx/upx/issues/380 Exploit Issue Tracking Patch
https://github.com/upx/upx/issues/380 Exploit Issue Tracking Patch
Configurations

Configuration 1 (hide)

cpe:2.3:a:upx_project:upx:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:29

Type Values Removed Values Added
References () https://github.com/upx/upx/issues/380 - Exploit, Issue Tracking, Patch () https://github.com/upx/upx/issues/380 - Exploit, Issue Tracking, Patch

Information

Published : 2023-03-24 20:15

Updated : 2024-11-21 06:29


NVD link : CVE-2021-43317

Mitre link : CVE-2021-43317

CVE.ORG link : CVE-2021-43317


JSON object : View

Products Affected

upx_project

  • upx
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-787

Out-of-bounds Write