CVE-2021-43312

HIGH EPSS 52.5%

Published Mar 24, 20233y ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Mar 24, 2023 3y ago

Last Modified Jun 17, 2026 1w ago

Description

A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

52.5% percentile

Exploit & Patch Status

Public Exploit Known

Patch Available

Weaknesses 2

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 1

Vendor	Product	Version	Range
upx	upx	*	<4.0.0

References 1

github.com https://github.com/upx/upx/issues/379

ExploitIssue TrackingPatch

Remediation

github.com https://github.com/upx/upx/issues/379

ExploitIssue TrackingPatch