openSUSE-SU-2023:0088-1

Import Source

JSON Data

https://api.test.osv.dev/v1/vulns/openSUSE-SU-2023:0088-1

Related

Published

2023-04-11T07:07:29Z

Modified

2023-04-11T07:07:29Z

Summary

Security update for upx

Details

upx was updated to fix the following issues:

Update to release 4.0.2

Fix unpack of ELF x86-64 that failed with 'CantUnpackException: corrupt b_info'
Resolve SEGV on PackLinuxElf64::invertptdynamic
CVE-2021-30500: Fixed Null pointer dereference in PackLinuxElf:canUnpack() in plxelf.cpp
CVE-2021-30501: Fixed Assertion abort in function MemBuffer:alloc()
CVE-2021-43311: Fixed Heap-based buffer overflow in PackLinuxElf32:elflookup() at plx_elf.cpp
CVE-2021-43312: Fixed Heap-based buffer overflow in PackLinuxElf64:invertptdynamic at plxelf.cpp:5239
CVE-2021-43313: Fixed Heap-based buffer overflow in PackLinuxElf32:invertptdynamic at plxelf.cpp:1688
CVE-2021-43314: Fixed Heap-based buffer overflows in PackLinuxElf32:elflookup() at plx_elf.cp
CVE-2021-43315: Fixed Heap-based buffer overflows in PackLinuxElf32:elflookup() at plx_elf.cp
CVE-2021-43316: Fixed Heap-based buffer overflow in func get_le64()
CVE-2021-43317: Fixed Heap-based buffer overflows in PackLinuxElf64:elflookup() at plx_elf.cp
CVE-2023-23456: Fixed heap-buffer-overflow in PackTmt:pack()
CVE-2023-23457: Fixed SEGV on PackLinuxElf64:invertptdynamic() in plxelf.cpp

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.2-bp154.4.6.1

{
    "binaries": [
        {
            "upx": "4.0.2-bp154.4.6.1"
        }
    ]
}

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.0.2-bp154.4.6.1

{
    "binaries": [
        {
            "upx": "4.0.2-bp154.4.6.1"
        }
    ]
}