CVE-2024-3209

A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/upx/upx

Affected ranges

Type

GIT

Repo

https://github.com/upx/upx

Events

Introduced

Last affected

099c3d829e80488af7395a4242b318877e980da4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.2"
        }
    ]
}

Affected versions

v1.*

v1.10

v1.11

v1.90

v1.91

v1.92

v1.93

v1.94

v1.95

v1.96

v2.*

v2.00

v2.01

v2.90

v2.91

v2.92

v2.93

v3.*

v3.00

v3.01

v3.02

v3.03

v3.04

v3.05

v3.06

v3.07

v3.08

v3.09

v3.91

v3.92

v3.93

v3.94

v3.95

v3.96

v3.99

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.1.0

v4.2.0

v4.2.1

v4.2.2

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "38"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "39"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "40"
            }
        ]
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3209.json"