Integer overflow in UPX



Published: 2020-01-29
Risk: Medium
Patch available: NO
Number of vulnerabilities: 1
CVE-ID: CVE-2019-14295
CWE-ID: CWE-190
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: UPX (Universal components / Libraries / Libraries used by multiple products)
Vendor: UPX

Security Bulletin

This security bulletin contains information about 1 vulnerability.

This bulletin was created to describe an unfixed vulnerability, previously reported in SB2018051818.
Updated list of vulnerable UPX versions.

1) Integer overflow

EUVDB-ID: #VU23827

Risk: Medium

CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-14295

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow in the getElfSections() function in p_vmlinx.cpp, reachable via a skewed offset larger than the size of the PE section in a UPX packed executable. An attacker can create a specially crafted file, trigger the integer overflow and cause an allocation of excessive memory.
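The following is an added illustration, not UPX's code and not taken from the bulletin: it shows one common way an offset larger than a size wraps into a near-4 GiB length, next to the check that rejects the offset before any allocation. The `section` struct and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified view of one section of an input file (not UPX's types). */
struct section {
    uint32_t file_off;  /* where the section starts in the file */
    uint32_t size;      /* section length in bytes */
};

/* Wrapping pattern: when offset > size the unsigned subtraction wraps,
 * so the "remaining length" becomes a value close to 4 GiB. */
uint32_t remaining_unchecked(uint32_t size, uint32_t offset)
{
    return size - offset;
}

/* Checked form: reject the offset before subtracting. Returns 0 on success. */
int remaining_checked(uint32_t size, uint32_t offset, uint32_t *out)
{
    if (offset > size)
        return -1;
    *out = size - offset;
    return 0;
}

/* Copy the bytes from `offset` to the end of the section, or return NULL.
 * Every length is validated against the real file size before malloc(). */
uint8_t *copy_section_tail(const uint8_t *file, uint32_t file_size,
                           const struct section *s, uint32_t offset,
                           uint32_t *out_len)
{
    uint32_t len;

    if (s->file_off > file_size || s->size > file_size - s->file_off)
        return NULL;                      /* section lies outside the file */
    if (remaining_checked(s->size, offset, &len) != 0 || len == 0)
        return NULL;                      /* skewed offset past the section */

    uint8_t *buf = malloc(len);
    if (buf == NULL)
        return NULL;
    memcpy(buf, file + s->file_off + offset, len);
    *out_len = len;
    return buf;
}
```

Both comparisons are written as `a > b - c` after first proving `c <= b`, so no intermediate sum or difference can wrap.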

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

UPX: 3.95 - 3.96


External links

http://github.com/upx/upx/issues/286
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MOCJ43HTM45GZCAQ2FLEBDNBM76V22RG/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T52JATXV6NTPTMGXCRGT37H6KXERYNZN/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


