Debian Upx-Ucl vulnerabilities

35 known vulnerabilities affecting debian/upx-ucl.

Total CVEs: 35
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2, LOW 33

Vulnerabilities

Page 2 of 2
CVE-2020-27790 | LOW | CVSS 5.5 | fixed in upx-ucl 3.96-1 (bullseye) | 2020
[MEDIUM] upx-ucl: A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.
Scope: local
bullseye: resolved (fixed in 3.96-1); forky: resolved (fixed in 3.96-1
CVE-2020-27800 | LOW | CVSS 7.8 | fixed in upx-ucl 4.2.2-1 (forky) | 2020
[HIGH] upx-ucl: A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.
Scope: local
bullseye: open; forky: resolved (fixed in 4.2.2-1); sid: resolved (fixed in 4.2.2-1); trixie: resolved (fixed in 4.2.2-1)
CVE-2020-27798 | LOW | CVSS 5.5 | fixed in upx-ucl 4.2.2-1 (forky) | 2020
[MEDIUM] upx-ucl: An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
Scope: local
bullseye: open; forky: resolved (fixed in 4.2.2-1); sid: resolved (fixed in 4.2.2-1); trixie: resolved (fixed in 4.2.2-1)
CVE-2020-27787 | LOW | CVSS 5.5 | fixed in upx-ucl 3.96-1 (bullseye) | 2020
[MEDIUM] upx-ucl: A Segmentation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.
Scope: local
bullseye: resolved (fixed in 3.96-1); forky: resolved (fixed in 3.96-1); sid: resolved (fixed in 3.96-1); trixie: resolved (fixed in 3.96-1)
CVE-2020-27797 | LOW | CVSS 5.5 | fixed in upx-ucl 4.2.2-1 (forky) | 2020
[MEDIUM] upx-ucl: An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
Scope: local
bullseye: open; forky: resolved (fixed in 4.2.2-1); sid: resolved (fixed in 4.2.2-1); trixie: resolved (fixed in 4.2.2-1)
CVE-2020-27799 | LOW | CVSS 7.8 | fixed in upx-ucl 4.2.2-1 (forky) | 2020
[HIGH] upx-ucl: A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.
Scope: local
bullseye: open; forky: resolved (fixed in 4.2.2-1); sid: resolved (fixed in 4.2.2-1); trixie: resolved (fixed in 4.2.2-1)
CVE-2019-14296 | LOW | CVSS 7.8 | fixed in upx-ucl 3.95-2 (bullseye) | 2019
[HIGH] upx-ucl: canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.
Scope: local
bullseye: resolved (fixed in 3.95-2); forky: resolved (fixed in 3.95-2); sid: resolved (fixed in 3.95-2); trixie: resolved (fixed in 3.95-2)
CVE-2019-20051 | LOW | CVSS 5.5 | fixed in upx-ucl 3.96-1 (bullseye) | 2019
[MEDIUM] upx-ucl: A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.
Scope: local
bullseye: resolved (fixed in 3.96-1); forky: resolved (fixed in 3.96-1); sid: resolved (fixed in 3.96-1); trixie: resolved (fixed in 3.96-1)
CVE-2019-20021 | LOW | CVSS 5.5 | fixed in upx-ucl 3.96-1 (bullseye) | 2019
[MEDIUM] upx-ucl: A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
Scope: local
bullseye: resolved (fixed in 3.96-1); forky: resolved (fixed in 3.96-1); sid: resolved (fixed in 3.96-1); trixie: resolved (fixed in 3.96-1)
CVE-2019-20805 | LOW | CVSS 5.5 | fixed in upx-ucl 3.96-1 (bullseye) | 2019
[MEDIUM] upx-ucl: p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.
Scope: local
bullseye: resolved (fixed in 3.96-1); forky: resolved (fixed in 3.96-1); sid: resolved (fixed in 3.96-1); trixie: resolved (fixed in 3.96-1)
CVE-2019-20053 | LOW | CVSS 5.5 | fixed in upx-ucl 3.96-1 (bullseye) | 2019
[MEDIUM] upx-ucl: An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
Scope: local
bullseye: resolved (fixed in 3.96-1); forky: resolved (fixed in 3.96-1); sid: resolved (fixed in 3.96-1); trixie: resolved (fixed in 3.96-1)
CVE-2019-14295 | LOW | CVSS 5.5 | fixed in upx-ucl 3.95-2 (bullseye) | 2019
[MEDIUM] upx-ucl: An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory.
Scope: local
bullseye: resolved (fixed in 3.95-2); forky: resolved (fixed in 3.95-2); sid:
CVE-2018-11243 | LOW | CVSS 7.8 | fixed in upx-ucl 1.03+repack-5 (bullseye) | 2018
[HIGH] upx-ucl: PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.
Scope: local
bullseye: resolved (fixed in 1.03+repack-5); forky: resolved (fixed in 1.03+repack-5); sid: resol
CVE-2017-15056 | LOW | CVSS 7.8 | fixed in upx-ucl 3.94-4 (bullseye) | 2017
[HIGH] upx-ucl: p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack().
Scope: local
bullseye: resolved (fixed in 3.94-4); forky: resolved (fixed in 3.94-4); sid: resolved (
CVE-2017-16869 | LOW | CVSS 7.8 | fixed in upx-ucl 3.94-4 (bullseye) | 2017
[HIGH] upx-ucl: p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever."
Scope: local
bullseye: resolved (fixed in 3.94-4); forky: resol