CVE-2021-43317

HIGH EPSS 52.5%

Published Mar 24, 20233y ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Mar 24, 2023 3y ago

Last Modified Jun 17, 2026 1w ago

Description

A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

52.5% percentile

Exploit & Patch Status

Public Exploit Known

Patch Available

Weaknesses 2

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 1

Vendor	Product	Version	Range
upx	upx	*	<4.0.0

References 1

github.com https://github.com/upx/upx/issues/380

ExploitIssue TrackingPatch

Remediation

github.com https://github.com/upx/upx/issues/380

ExploitIssue TrackingPatch