CVE-2021-20285

Name
CVE-2021-20285
Description
A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.
NVD Severity
medium

References

Type | URI
Exploit | https://github.com/upx/upx/issues/421
Issue Tracking | https://bugzilla.redhat.com/show_bug.cgi?id=1937787

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:upx_project:upx:3.96:*:*:*:*:*:*:* | upx | == None | == 3.96

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status
upx | 3.13-community | 3.96-r1 | Mitch Tishmack <mitch.tishmack@gmail.com> | fixed
upx | 3.14-community | 3.96-r1 | Mitch Tishmack <mitch.tishmack@gmail.com> | fixed
upx | 3.15-community | 3.96-r1 | Mitch Tishmack <mitch.tishmack@gmail.com> | fixed
upx | 3.16-community | 3.96-r1 | Mitch Tishmack <mitch.tishmack@gmail.com> | fixed