CVE-2019-20805

Опубликовано: 01 июн. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.

Ссылки

https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010
Patch
Third Party Advisory
https://github.com/upx/upx/issues/317
Third Party Advisory
https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010
Patch
Third Party Advisory
https://github.com/upx/upx/issues/317
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:upx:upx:*:*:*:*:*:*:*:*

Версия до 3.96 (исключая)

EPSS

Процентиль: 26%

0.00089

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2019-20805

CVSS3: 5.5

ubuntu

больше 5 лет назад

p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.

CVE-2019-20805

CVSS3: 5.5

debian

больше 5 лет назад

p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacki ...

GHSA-3x77-qmhw-v3hg

CVSS3: 5.5

github

больше 3 лет назад

p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.

EPSS

Процентиль: 26%

0.00089

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-190