CVE-2021-20285
Published 2021-03-26
Priority P421 · medium · 6.6 · CVSS 3.1
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
EPSS: 0.75% (50.3th percentile)
A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | upx-ucl | < upx-ucl 4.2.2-1 (forky) | upx-ucl 4.2.2-1 (forky) |
| upx | upx | — | — |
| upx | upx | — | — |
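CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.6 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H |
| nvd | v2.0 | 8.3 | HIGH | AV:N/AC:M/Au:N/C:P/I:P/A:C |
| osv | — | 6.6 | MEDIUM | — |
| vendor_debian | — | 6.6 | LOW | — |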
GHSA
GHSA-9235-qgm5-877x: A flaw was found in upx canPack in p_lx_elf
ghsa_unreviewed·2022-05-24
CVE-2021-20285 [HIGH] CWE-119 GHSA-9235-qgm5-877x: A flaw was found in upx canPack in p_lx_elf
OSV
CVE-2021-20285: A flaw was found in upx canPack in p_lx_elf
osv·2021-03-26·CVSS 6.6
CVE-2021-20285 [MEDIUM] CVE-2021-20285: A flaw was found in upx canPack in p_lx_elf
Debian
CVE-2021-20285: upx-ucl - A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows at...
vendor_debian·2021·CVSS 6.6
CVE-2021-20285 [MEDIUM] CVE-2021-20285: upx-ucl - A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows at...
Scope: local
bullseye: open
forky: resolved (fixed in 4.2.2-1)
sid: resolved (fixed in 4.2.2-1)
trixie: resolved (fixed in 4.2.2-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-03-26