CVE-2021-30501

CVE-2021-30501

Name

CVE-2021-30501

Description

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=1948696
MISC	https://github.com/upx/upx/issues/486
MISC	https://github.com/upx/upx/pull/487
MISC	https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46

Type

URI

MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1948696

MISC

https://github.com/upx/upx/issues/486

MISC

https://github.com/upx/upx/pull/487

MISC

https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:upx_project:upx:4.0.0:::::::*`	upx	== None	== 4.0.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:upx_project:upx:4.0.0:*:*:*:*:*:*:*

upx

== None

== 4.0.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
upx	edge-community	4.0.0-r0	Mitch Tishmack <mitch.tishmack@gmail.com>	fixed
upx	3.22-community	4.0.0-r0	None	fixed
upx	3.21-community	4.0.0-r0	None	fixed
upx	3.20-community	4.0.0-r0	None	fixed
upx	3.19-community	4.0.0-r0	None	fixed
upx	3.18-community	4.0.0-r0	None	fixed
upx	3.17-community	4.0.0-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

upx

edge-community

4.0.0-r0

Mitch Tishmack <mitch.tishmack@gmail.com>

fixed

upx

3.22-community