CVE-2017-16869Improper Restriction of Operations within the Bounds of a Memory Buffer in Upx-ucl

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.3%
top 50.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Upx-uclUPX
Timeline
PublishedNov 17
Latest updateMay 17

Description

p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

debiandebian/upx-ucl< upx-ucl 3.94-4 (bullseye)
NVDupx/upx3.94

🔴Vulnerability Details

3
GHSA
GHSA-3j3j-cj56-29p8: ** DISPUTED ** p_mach2022-05-17
OSV
CVE-2017-16869: ** DISPUTED ** p_mach2017-11-17
OSV
CVE-2017-16869: p_mach2017-11-17

📋Vendor Advisories

1
Debian
CVE-2017-16869: upx-ucl - p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (inv...2017
CVE-2017-16869 — Debian Upx-ucl vulnerability | cvebase