CVE-2019-20805Integer Overflow or Wraparound in UPX

CWE-190Integer Overflow or Wraparound5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 74.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
UPXDebian Upx-ucl
Timeline
PublishedJun 1
Latest updateMay 24

Description

p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDupx/upx< 3.96
debiandebian/upx-ucl< upx-ucl 3.96-1 (bullseye)

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-3x77-qmhw-v3hg: p_lx_elf2022-05-24
OSV
CVE-2019-20805: p_lx_elf2020-06-01

📋Vendor Advisories

1
Debian
CVE-2019-20805: upx-ucl - p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via cra...2019

💬Community

1
Bugzilla
CVE-2019-20805 upx: integer overflow in p_lx_elf.cpp2020-06-19
CVE-2019-20805 — Integer Overflow or Wraparound in UPX | cvebase