ByteOS Network

UPX

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-2849

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-4.8||MEDIUM

EPSS-0.02% / 4.13%

7 Day CHG-0.01%

Published-27 Mar, 2025 | 13:31

Updated-11 Apr, 2025 | 16:09

UPX p_lx_elf.cpp un_DT_INIT heap-based overflow

A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.

Vendor-upx n/a

Product-upx UPX

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-122

Heap-based Buffer Overflow

CWE ID-CWE-787

Out-of-bounds Write

CVE-2024-3209

Assigner-VulDB

View Details

Assigner-VulDB

CVSS Score-5.5||MEDIUM

EPSS-0.35% / 56.77%

7 Day CHG+0.09%

Published-02 Apr, 2024 | 23:00

Updated-25 Apr, 2025 | 14:33

UPX bele.h get_ne64 heap-based overflow

A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vendor-upx n/a Fedora Project

Product-upx fedora UPX

CWE ID-CWE-122

Heap-based Buffer Overflow