Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-2849

Опубликовано: 27 мар. 2025
Источник: ubuntu
Приоритет: medium
CVSS2: 1.7
CVSS3: 3.3

Описание

A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.

РелизСтатусПримечание
devel

needs-triage

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

esm-apps/xenial

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

noble

needs-triage

oracular

ignored

end of life, was needs-triage

Показывать по

Ссылки на источники

1.7 Low

CVSS2

3.3 Low

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-2849

CVSS3: 3.3
nvd
6 месяцев назад

A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.

debian логотип

CVE-2025-2849

CVSS3: 3.3
debian
6 месяцев назад

A vulnerability, which was classified as problematic, was found in UPX ...

redos логотип

ROS-20250616-06

CVSS3: 5.5
redos
3 месяца назад

Уязвимость upx

github логотип

GHSA-jrx7-5cr9-c5v4

CVSS3: 3.3
github
6 месяцев назад

A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.

fstec логотип

BDU:2025-06969

CVSS3: 5.5
fstec
6 месяцев назад

Уязвимость функции PackLinuxElf64::un_DT_INIT() файла src/p_lx_elf.cpp упаковщика исполняемых файлов UPX, позволяющая нарушителю вызвать отказ в обслуживании

1.7 Low

CVSS2

3.3 Low

CVSS3