Unrated severity · OSV Advisory · Published Jan 12, 2023 · Updated Dec 11, 2024
UPX: heap-buffer-overflow in PackTmt::pack()
CVE-2023-23456
Description
A heap-based buffer overflow was discovered in UPX, in PackTmt::pack() in the p_tmt.cpp file. The flaw allows an attacker to cause a denial of service (abort) via a crafted file.
Affected products
- osv-coords (6 versions):
  - pkg:apk/chainguard/upx
  - pkg:apk/chainguard/upx-doc
  - pkg:apk/wolfi/upx
  - pkg:apk/wolfi/upx-doc
  - pkg:rpm/opensuse/upx&distro=openSUSE%20Leap%2015.4
  - pkg:rpm/suse/upx&distro=SUSE%20Package%20Hub%2015%20SP4
- (no CPE) range: < 5.0.0-r0
- (no CPE) range: < 5.0.0-r0
- (no CPE) range: < 5.0.0-r0
- (no CPE) range: < 5.0.0-r0
- (no CPE) range: < 4.0.2-bp154.4.6.1
- (no CPE) range: < 4.0.2-bp154.4.6.1
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ/ (mitre, vendor-advisory)
- bugzilla.redhat.com/show_bug.cgi (mitre)
- github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4 (mitre)
- github.com/upx/upx/issues/632 (mitre)