CVE-2023-23457
Published: 2023-01-12
Priority: P4 · 19 · medium · 5.5 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
EPSS: 0.35% (26.7th percentile)
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | upx-ucl | < upx-ucl 4.2.2-1 (forky) | upx-ucl 4.2.2-1 (forky) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| upx | upx | < 2022-11-23 | 2022-11-23 |
CVSS provenance
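| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| osv | — | 5.5 | MEDIUM | — |
| vendor_oracle | — | 9.8 | HIGH | — |
| vendor_debian | — | 5.3 | LOW | — |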
GHSA
ghsa_unreviewed·2023-01-12
CVE-2023-23457 [MEDIUM] CWE-119 GHSA-qcvq-w335-8gh3
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
OSV
osv·2023-01-12·CVSS 5.5
CVE-2023-23457 [MEDIUM]
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
Oracle
vendor_oracle·2023-04-15·CVSS 9.8
CVE-2022-23457 [HIGH] Oracle GoldenGate Risk Matrix: GoldenGate Studio (Enterprise Security API) vulnerability
CVE: CVE-2022-23457
CVSS: 9.8
Protocol: Multiple
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
Oracle
vendor_oracle·2023-01-15·CVSS 7.5
CVE-2022-23457 [HIGH] Oracle Fusion Middleware Risk Matrix: Third Party Patch (Enterprise Security API) vulnerability
CVE: CVE-2022-23457
CVSS: 7.5
Protocol: HTTP
Remote exploit: No
Affected versions: Network
Advisory: cpujan2023 (JAN 2023)
Debian
vendor_debian·2023·CVSS 5.3
CVE-2023-23457 [MEDIUM] upx-ucl
A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
Scope: local
bullseye: open
forky: resolved (fixed in 4.2.2-1)
sid: resolved (fixed in 4.2.2-1)
trixie: resolved (fixed in 4.2.2-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
https://bugzilla.redhat.com/show_bug.cgi?id=2160382
https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860
https://github.com/upx/upx/issues/631
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ/
Published: 2023-01-12