[Bugs] [Bug 13337] New: [CVE 21] upx 3.95 CVEs found

bugzilla bugzilla на rosalinux.ru
Ср Май 3 17:21:38 MSK 2023 

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13337

          Platform: 2021.1
            Bug ID: 13337
           Summary: [CVE 21] upx 3.95  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2019-20805, CVE-2020-27787, CVE-2020-27788,
                    CVE-2020-27790, CVE-2021-43311, CVE-2021-43312,
                    CVE-2021-43313, CVE-2021-43314, CVE-2021-43315,
                    CVE-2021-43316, CVE-2021-43317, CVE-2023-23456,
                    CVE-2023-23457,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: s.matveev на rosalinux.ru, y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package upx version 3.95

INFO (CVEs are): upx 3.95
 cves found
CVE-2019-20805
Desc: p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking
via crafted values in a PT_DYNAMIC segment.
Link: https://nvd.nist.gov/vuln/detail/CVE-2019-20805
Severity: MEDIUM
CVE-2020-27787
Desc: A Segmentaation fault was found in UPX in invert_pt_dynamic() function in
p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory
address access that could lead to a denial of service.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27787
Severity: MEDIUM
CVE-2020-27788
Desc: An out-of-bounds read access vulnerability was discovered in UPX in
PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a
crafted input file could trigger this issue that could cause a crash leading to
a denial of service.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27788
Severity: MEDIUM
CVE-2020-27790
Desc: A floating point exception issue was discovered in UPX in
PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker
with a crafted input file could trigger this issue that could cause a crash
leading to a denial of service. The highest impact is to Availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27790
Severity: MEDIUM
CVE-2021-43311
Desc: A heap-based buffer overflow was discovered in upx, during the generic
pointer 'p' points to an inaccessible address in func get_le32(). The problem
is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-43311
Severity: HIGH
CVE-2021-43312
Desc: A heap-based buffer overflow was discovered in upx, during the variable
'bucket' points to an inaccessible address. The issue is being triggered in the
function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-43312
Severity: HIGH
CVE-2021-43313
Desc: A heap-based buffer overflow was discovered in upx, during the variable
'bucket' points to an inaccessible address. The issue is being triggered in the
function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-43313
Severity: HIGH
CVE-2021-43314
Desc: A heap-based buffer overflows was discovered in upx, during the generic
pointer 'p' points to an inaccessible address in func get_le32(). The problem
is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-43314
Severity: HIGH
CVE-2021-43315
Desc: A heap-based buffer overflows was discovered in upx, during the generic
pointer 'p' points to an inaccessible address in func get_le32(). The problem
is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-43315
Severity: HIGH
CVE-2021-43316
Desc: A heap-based buffer overflow was discovered in upx, during the generic
pointer 'p' points to an inaccessible address in func get_le64().
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-43316
Severity: HIGH
CVE-2021-43317
Desc: A heap-based buffer overflows was discovered in upx, during the generic
pointer 'p' points to an inaccessible address in func get_le32(). The problem
is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-43317
Severity: HIGH
CVE-2023-23456
Desc: A heap-based buffer overflow issue was discovered in UPX in
PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a
denial of service (abort) via a crafted file.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-23456
Severity: MEDIUM
CVE-2023-23457
Desc: A Segmentation fault was found in UPX in
PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted
input file allows invalid memory address access that could lead to a denial of
service.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-23457
Severity: MEDIUM

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230503/4a05f343/attachment.html>

Подробная информация о списке рассылки Bugs