<html>
<head>
<base href="https://bugzilla.rosalinux.ru/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Platform</th>
<td>2021.1
</td>
</tr>
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_CONFIRMED "
title="CONFIRMED - [CVE 21] upx 3.95 CVEs found"
href="https://bugzilla.rosalinux.ru/show_bug.cgi?id=13337">13337</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[CVE 21] upx 3.95 CVEs found
</td>
</tr>
<tr>
<th>Classification</th>
<td>ROSA-based products
</td>
</tr>
<tr>
<th>Product</th>
<td>ROSA Fresh
</td>
</tr>
<tr>
<th>Version</th>
<td>All
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>URL</th>
<td>CVE-2019-20805, CVE-2020-27787, CVE-2020-27788, CVE-2020-27790, CVE-2021-43311, CVE-2021-43312, CVE-2021-43313, CVE-2021-43314, CVE-2021-43315, CVE-2021-43316, CVE-2021-43317, CVE-2023-23456, CVE-2023-23457
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>CONFIRMED
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>Normal
</td>
</tr>
<tr>
<th>Component</th>
<td>System (kernel, glibc, systemd, bash, PAM...)
</td>
</tr>
<tr>
<th>Assignee</th>
<td>bugs@lists.rosalinux.ru
</td>
</tr>
<tr>
<th>Reporter</th>
<td>y.tumanov@rosalinux.ru
</td>
</tr>
<tr>
<th>QA Contact</th>
<td>bugs@lists.rosalinux.ru
</td>
</tr>
<tr>
<th>CC</th>
<td>s.matveev@rosalinux.ru, y.tumanov@rosalinux.ru
</td>
</tr>
<tr>
<th>Target Milestone</th>
<td>---
</td>
</tr>
<tr>
<th>Flags</th>
<td>secteam_verified?
</td>
</tr></table>
<p>
<div>
<pre>Please patch CVEs for package upx version 3.95
INFO (CVEs are): upx 3.95
cves found
CVE-2019-20805
Desc: p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking
via crafted values in a PT_DYNAMIC segment.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-20805">https://nvd.nist.gov/vuln/detail/CVE-2019-20805</a>
Severity: MEDIUM
CVE-2020-27787
Desc: A Segmentation fault was found in UPX in invert_pt_dynamic() function in
p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory
address access that could lead to a denial of service.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-27787">https://nvd.nist.gov/vuln/detail/CVE-2020-27787</a>
Severity: MEDIUM
CVE-2020-27788
Desc: An out-of-bounds read access vulnerability was discovered in UPX in
PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a
crafted input file could trigger this issue that could cause a crash leading to
a denial of service.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-27788">https://nvd.nist.gov/vuln/detail/CVE-2020-27788</a>
Severity: MEDIUM
CVE-2020-27790
Desc: A floating point exception issue was discovered in UPX in
PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker
with a crafted input file could trigger this issue that could cause a crash
leading to a denial of service. The highest impact is to Availability.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-27790">https://nvd.nist.gov/vuln/detail/CVE-2020-27790</a>
Severity: MEDIUM
CVE-2021-43311
Desc: A heap-based buffer overflow was discovered in upx, during the generic
pointer 'p' points to an inaccessible address in func get_le32(). The problem
is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-43311">https://nvd.nist.gov/vuln/detail/CVE-2021-43311</a>
Severity: HIGH
CVE-2021-43312
Desc: A heap-based buffer overflow was discovered in upx, during the variable
'bucket' points to an inaccessible address. The issue is being triggered in the
function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-43312">https://nvd.nist.gov/vuln/detail/CVE-2021-43312</a>
Severity: HIGH
CVE-2021-43313
Desc: A heap-based buffer overflow was discovered in upx, during the variable
'bucket' points to an inaccessible address. The issue is being triggered in the
function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-43313">https://nvd.nist.gov/vuln/detail/CVE-2021-43313</a>
Severity: HIGH
CVE-2021-43314
Desc: A heap-based buffer overflow was discovered in upx, during the generic
pointer 'p' points to an inaccessible address in func get_le32(). The problem
is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-43314">https://nvd.nist.gov/vuln/detail/CVE-2021-43314</a>
Severity: HIGH
CVE-2021-43315
Desc: A heap-based buffer overflow was discovered in upx, during the generic
pointer 'p' points to an inaccessible address in func get_le32(). The problem
is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-43315">https://nvd.nist.gov/vuln/detail/CVE-2021-43315</a>
Severity: HIGH
CVE-2021-43316
Desc: A heap-based buffer overflow was discovered in upx, during the generic
pointer 'p' points to an inaccessible address in func get_le64().
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-43316">https://nvd.nist.gov/vuln/detail/CVE-2021-43316</a>
Severity: HIGH
CVE-2021-43317
Desc: A heap-based buffer overflow was discovered in upx, during the generic
pointer 'p' points to an inaccessible address in func get_le32(). The problem
is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-43317">https://nvd.nist.gov/vuln/detail/CVE-2021-43317</a>
Severity: HIGH
CVE-2023-23456
Desc: A heap-based buffer overflow issue was discovered in UPX in
PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a
denial of service (abort) via a crafted file.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-23456">https://nvd.nist.gov/vuln/detail/CVE-2023-23456</a>
Severity: MEDIUM
CVE-2023-23457
Desc: A Segmentation fault was found in UPX in
PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted
input file allows invalid memory address access that could lead to a denial of
service.
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-23457">https://nvd.nist.gov/vuln/detail/CVE-2023-23457</a>
Severity: MEDIUM</pre>
</div>
</p>
</body>
</html>