Vulnerabilities > CVE-2020-27790 - Divide By Zero vulnerability in UPX Project UPX

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

upx-project

CWE-369

NVD

Published: 2022-08-18

Updated: 2022-08-23

Summary

A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.

Vulnerable Configurations

Part	Description	Count
Application	Upx_Project UPX Project UPX - UPX Project UPX 1.10 UPX Project UPX 1.11 UPX Project UPX 1.90 UPX Project UPX 1.91 UPX Project UPX 1.92 UPX Project UPX 1.93 UPX Project UPX 1.94 UPX Project UPX 1.95 UPX Project UPX 1.96 UPX Project UPX 2.00 UPX Project UPX 2.01 UPX Project UPX 2.90 UPX Project UPX 2.91 UPX Project UPX 2.92 UPX Project UPX 2.93 UPX Project UPX 3.00 UPX Project UPX 3.01 UPX Project UPX 3.02 UPX Project UPX 3.03 UPX Project UPX 3.04 UPX Project UPX 3.05 UPX Project UPX 3.06 UPX Project UPX 3.07 UPX Project UPX 3.08 UPX Project UPX 3.09 UPX Project UPX 3.91 UPX Project UPX 3.92 UPX Project UPX 3.93 UPX Project UPX 3.94 UPX Project UPX 3.95	31

Common Weakness Enumeration (CWE)

CWE-369 - Divide By Zero

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References