CVE-2023-23456

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-23456
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2160381 Issue Tracking Third Party Advisory
https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4 Patch Third Party Advisory
https://github.com/upx/upx/issues/632 Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ/
https://bugzilla.redhat.com/show_bug.cgi?id=2160381 Issue Tracking Third Party Advisory
https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4 Patch Third Party Advisory
https://github.com/upx/upx/issues/632 Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ/
Configurations

Configuration 1 (hide)

cpe:2.3:a:upx_project:upx:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
History

21 Nov 2024, 07:46

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.5 		v2 : unknown
v3 : 5.3
References () https://bugzilla.redhat.com/show_bug.cgi?id=2160381 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=2160381 - Issue Tracking, Third Party Advisory
References () https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4 - Patch, Third Party Advisory () https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4 - Patch, Third Party Advisory
References () https://github.com/upx/upx/issues/632 - Exploit, Third Party Advisory () https://github.com/upx/upx/issues/632 - Exploit, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ/ -

19 Apr 2024, 14:15

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema de desbordamiento de búfer de almacenamiento dinámico en UPX en PackTmt::pack() en el archivo p_tmt.cpp. El flujo permite a un atacante provocar una denegación de servicio (aborto) a través de un archivo manipulado.
CWE CWE-122

07 Nov 2023, 04:07

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI/', 'name': 'FEDORA-2023-8d91390935', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ/', 'name': 'FEDORA-2023-89fdc22ace', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI/ -
Information

Published : 2023-01-12 19:15

Updated : 2024-11-21 07:46

NVD link : CVE-2023-23456

Mitre link : CVE-2023-23456

CVE.ORG link : CVE-2023-23456

JSON object : View

Products Affected

upx_project

  • upx

fedoraproject

  • fedora
CWE
CWE-787

Out-of-bounds Write


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024