CVE-2021-43311

Summary

A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.

Affected Software

VendorProductVersion RangeStatus
n/aupxupx before 4.0.0-git-c6b9e3c62d15affected

Weaknesses

  • CWE-119: CWE-119

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References