Vulnerabilities > CVE-2021-20285 - Out-of-bounds Write vulnerability in UPX Project UPX 3.96

CVSS 6.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

HIGH

local

low complexity

upx-project

CWE-787

NVD

Published: 2021-03-26

Updated: 2022-08-05

Summary

A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.

Vulnerable Configurations

Part	Description	Count
Application	Upx_Project UPX Project UPX 3.96	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/upx/upx/issues/421
https://bugzilla.redhat.com/show_bug.cgi?id=1937787