Vulnerabilities > CVE-2018-11243 - Double Free vulnerability in UPX Project UPX 3.95

CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
upx-project
CWE-415
nessus

Summary

PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file. "Remote" here means an attacker-supplied file that UPX then unpacks locally, which is why the CVSSv3 vector is scored AV:L (the Nessus plugin below adds UI:R), even though the older CVSSv2 vector in the same plugin uses AV:N. Note also that the upstream UPX 3.96 changelog quoted in the openSUSE-2020-163 entry below describes its fix for this CVE as partial (GitHub ticket 206 only), so a version check alone may not be sufficient to confirm remediation of the unpacker itself.

Vulnerable Configurations

Part Description Count
Application
Upx_Project
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2020-162.NASL
    description: This update for ucl fixes the following issues : CVE-2018-11243: Fix remotely triggerable DoS via double free (boo#1094138)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133489
    published: 2020-02-05
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133489
    title: openSUSE Security Update : ucl (openSUSE-2020-162)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2020-162.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Plugin registration branch: the scanner evaluates this when it loads the
    # plugin's metadata. The actual package-version check lives below it.
    if (description)
    {
      script_id(133489);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/07");
    
      script_cve_id("CVE-2018-11243");
    
      script_name(english:"openSUSE Security Update : ucl (openSUSE-2020-162)");
      script_summary(english:"Check for the openSUSE-2020-162 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for ucl fixes the following issues :
    
    CVE-2018-11243: Fix remotely triggerable DoS via double free
    (boo#1094138)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1094138"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected ucl packages.");
      # NOTE(review): the two base vectors disagree on attack vector. CVSSv2 is
      # scored AV:N, CVSSv3 is scored AV:L with UI:R. The CVE is reached via a
      # crafted input file, so "remotely triggerable" in the description means
      # attacker-supplied data processed locally, not a network-exposed service.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      # Local (authenticated, package-list based) check, scoped to Leap 15.1.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # The CPEs below are the ucl (libucl1) packages, not upx. The UPX binary
      # itself appears to be covered by the separate upx 3.96 advisory
      # (openSUSE-2020-163), so a host can pass this plugin and still ship an
      # unpatched upx.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libucl1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libucl1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ucl-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ucl-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      # Requires the SSH-collected KB entries consumed by the check below.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions: local checks enabled, target is openSUSE Leap 15.1 on
    # x86_64, and an rpm list was collected. Each audit() call reports why
    # the check does not apply and exits, so the order of these guards
    # determines which reason is reported.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu_arch = get_kb_item("Host/cpu");
    if (!cpu_arch) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu_arch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", cpu_arch);
    
    # Fixed package versions shipped by openSUSE-2020-162. These are the ucl
    # (libucl1) packages only; the upx binary is handled by a different advisory.
    fixed_pkgs = make_list(
      "libucl1-1.03-lp151.3.3.1",
      "libucl1-debuginfo-1.03-lp151.3.3.1",
      "ucl-debugsource-1.03-lp151.3.3.1",
      "ucl-devel-1.03-lp151.3.3.1"
    );
    
    # rpm_check() returns true when an installed package is older than the
    # reference and accumulates the details for rpm_report_get().
    vuln_count = 0;
    foreach pkg (fixed_pkgs)
    {
      if (rpm_check(release:"SUSE15.1", reference:pkg)) vuln_count++;
    }
    
    if (!vuln_count)
    {
      # Nothing outdated: distinguish "checked and current" from "not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libucl1 / libucl1-debuginfo / ucl-debugsource / ucl-devel");
    }
    
    # At least one package is behind the fixed version: report a warning,
    # with per-package details when verbose reporting is on.
    if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
    else security_warning(0);
    exit(0);
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2020-163.NASL
    description: This update for upx to version 3.96 fixes the following issues : - CVE-2019-1010048: Fixed a denial of service in PackLinuxElf32::PackLinuxElf32help1() (boo#1141777). - CVE-2019-14296: Fixed a denial of service in canUnpack() (boo#1143839). - CVE-2019-20021: Fixed a heap-based buffer over-read in canUnpack() (boo#1159833). - CVE-2019-20053: Fixed a denial of service in canUnpack() (boo#1159920). - CVE-2018-11243: Fixed a denial of service in PackLinuxElf64::unpack() (boo#1094138). - Update to version 3.96 - Bug fixes: [CVE-2019-1010048, boo#1141777] [CVE-2019-14296, boo#1143839] [CVE-2019-20021, boo#1159833] [CVE-2019-20053, boo#1159920] [CVE-2018-11243 partially - ticket 206 ONLY, boo#1094138] - Update to version 3.95 - Flag --force-pie when ET_DYN main program is not marked as DF_1_PIE - Better compatibility with varying layout of address space on Linux - Support for 4 PT_LOAD layout in ELF generated by binutils-2.31 - bug fixes, particularly better diagnosis of malformed input - bug fixes - see https://github.com/upx/upx/milestone/4 (Note: the upstream changelog quoted here marks the CVE-2018-11243 fix in 3.96 as partial, "ticket 206 ONLY".)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133490
    published: 2020-02-05
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133490
    title: openSUSE Security Update : upx (openSUSE-2020-163)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2020-20CF0743F5.NASL
    description: 3.96, multiple security fixes. ---- Patch for CVE-2019-20021 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133423
    published: 2020-02-03
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133423
    title: Fedora 30 : upx (2020-20cf0743f5)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2020-67590FBF08.NASL
    description: 3.96, multiple security fixes. ---- Patch for CVE-2019-20021 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 133535
    published: 2020-02-07
    reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/133535
    title: Fedora 31 : upx (2020-67590fbf08)