CVE-2019-20805
- Source
- https://cve.org/CVERecord?id=CVE-2019-20805
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20805.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-20805
- Downstream
- Published
- 2020-06-01T14:15:09.977Z
- Modified
- 2026-02-24T11:32:35.090761Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
plxelf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.
- References
Affected packages
Git / github.com/upx/upx
Affected ranges
- Type
- GIT
- Repo
- https://github.com/upx/upx
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.10
v1.11
v1.90
v1.91
v1.92
v1.93
v1.94
v1.95
v1.96
v2.*
v2.00
v2.01
v2.90
v2.91
v2.92
v2.93
v3.*
v3.00
v3.01
v3.02
v3.03
v3.04
v3.05
v3.06
v3.07
v3.08
v3.09
v3.91
v3.92
v3.93
v3.94
v3.95
Database specific
vanir_signatures
[
{
"target": {
"file": "src/p_lx_elf.cpp",
"function": "PackLinuxElf64::calls_crt1"
},
"digest": {
"length": 577.0,
"function_hash": "312902242249772162315346038919440576024"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2019-20805-12ede8e6",
"source": "https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010"
},
{
"target": {
"file": "src/p_lx_elf.cpp",
"function": "PackLinuxElf64::invert_pt_dynamic"
},
"digest": {
"length": 4137.0,
"function_hash": "58357211940703535331158763453928455393"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2019-20805-26ba4da8",
"source": "https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010"
},
{
"target": {
"file": "src/p_lx_elf.cpp",
"function": "PackLinuxElf64::elf_find_dynamic"
},
"digest": {
"length": 480.0,
"function_hash": "96055249645705759514492248097930933252"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2019-20805-2c874cf0",
"source": "https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010"
},
{
"target": {
"file": "src/p_lx_elf.cpp",
"function": "PackLinuxElf32::invert_pt_dynamic"
},
"digest": {
"length": 3931.0,
"function_hash": "338425216025063677905331139495793326970"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2019-20805-50d735c0",
"source": "https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010"
},
{
"target": {
"file": "src/p_lx_elf.cpp",
"function": "PackLinuxElf32::elf_find_dynamic"
},
"digest": {
"length": 438.0,
"function_hash": "96173857512376388117823070504559974836"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2019-20805-6424d310",
"source": "https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010"
},
{
"target": {
"file": "src/p_lx_elf.cpp",
"function": "PackLinuxElf32::calls_crt1"
},
"digest": {
"length": 575.0,
"function_hash": "153558037578098246534208769168192984456"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2019-20805-86574e07",
"source": "https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010"
},
{
"target": {
"file": "src/p_lx_elf.cpp"
},
"digest": {
"line_hashes": [
"54774852360030615279108870999943279656",
"322862517746767165126264264977393820224",
"38493765024543746172863041858753748892",
"318408873266090052416635515886184371003",
"17716483559486129341011559618088020649",
"309750729337696117110651538933617513361",
"284870716251403629238912888000679616613",
"224032610979964612601578409559901311701",
"127603510880008128016178442453145930023",
"278396422224727754799857414188439448055",
"337780650179851775149278246764558958377",
"101355817187933389016203026473425244497",
"67880038202599877229819405967320998871",
"242664616021666486791219282656298510802",
"46975155932337015516707623271111275332",
"254431902758898717790836927215562756143",
"218000758663718663547952463717960880473",
"278038586753723518458042340847549180562",
"332789532712202577190209049901364677248",
"57360346307514924150852139945328547720",
"218000758663718663547952463717960880473",
"29411247818848051514997481046433039316",
"319844746802903580478030313258347765468",
"180699176203845219594160139579743245556",
"171185295267447412412045593809392043320",
"274134798931136995869626152357586049872",
"147965271236118401367158661655434596294",
"268930172194107747152541460498748257514",
"62123528716155451362253429836432801175",
"270655823320849474730844622190295186991",
"284870716251403629238912888000679616613",
"224032610979964612601578409559901311701",
"127603510880008128016178442453145930023",
"278396422224727754799857414188439448055",
"73544359676351891321121629010078401838",
"150910066499945757058289798340854498757",
"16514102385282209846154256197125990938",
"338747797236447005423896100869344411665",
"278964191340654417571349394581856556819",
"18886568184550143275515874300041733231",
"92048631183399312370864183475726739981",
"123242991812652256637128281499547889958",
"64359609406850278440978836910628501181"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2019-20805-9b4368ea",
"source": "https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010"
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-20805.json"