CVE-2019-20053 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Backports

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation9 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 41.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Opensuse Backports Opensuse Leap UPX

Timeline

PublishedDec 27

Latest updateMay 24

Description

An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDupx/upx3.95

▶NVDopensuse/leap15.1

▶NVDopensuse/backportssle-15

🔴Vulnerability Details

GHSA

GHSA-phmx-286h-jcc3: An invalid memory address dereference was discovered in the canUnpack function in p_mach↗2022-05-24

▶

OSV

CVE-2019-20053: An invalid memory address dereference was discovered in the canUnpack function in p_mach↗2019-12-27

▶

CVEList

CVE-2019-20053: An invalid memory address dereference was discovered in the canUnpack function in p_mach↗2019-12-27

▶

📋Vendor Advisories

Debian

CVE-2019-20053: upx-ucl - An invalid memory address dereference was discovered in the canUnpack function i...↗2019

▶

💬Community

Bugzilla

CVE-2019-20053 upx: invalid memory address dereference in canUnpack in p_mach.cpp↗2020-01-23

▶

Bugzilla

CVE-2019-20053 upx: invalid memory address dereference in canUnpack in p_mach.cpp [epel-7]↗2020-01-23

▶

Bugzilla

CVE-2019-20053 upx: invalid memory address dereference in canUnpack in p_mach.cpp [epel-8]↗2020-01-23

▶

Bugzilla

CVE-2019-20053 upx: invalid memory address dereference in canUnpack in p_mach.cpp [fedora-all]↗2020-01-23

▶