Vulnerabilities > CVE-2021-20285 - Out-of-bounds Write vulnerability in UPX Project UPX 3.96

CVSS 8.3 - HIGH

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

COMPLETE

network

upx-project

CWE-787

NVD

Published: 2021-03-26

Updated: 2022-08-05

Summary

A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.

Vulnerable Configurations

Part	Description	Count
Application	Upx_Project UPX Project UPX 3.96	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/upx/upx/issues/421
https://bugzilla.redhat.com/show_bug.cgi?id=1937787