This security bulletin contains information about 1 vulnerabilities.
Exploit availability: NoDescription
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in getElfSections() function in p_vmlinx.cpp via a skewed offset larger than the size of the PE section in a UPX packed executable. An attacker can create a specially crafted file, trigger integer overflow and trigger an allocation of excessive memory.Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.Vulnerable software versions
UPX: 3.95 - 3.96
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.