CVE-2021-30500

Name
CVE-2021-30500
Description
Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/upx/upx/issues/485
MISC https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc
MISC https://bugzilla.redhat.com/show_bug.cgi?id=1948692

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:upx_project:upx:4.0.0:*:*:*:*:*:*:* upx == None == 4.0.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status