VDB
CVE-2023-23456
CVE-2023-23456
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.
EPSS 0.03% · 8.6th percentile
Risk Scores
CVSS v3.1
5.300000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS Score
0.03%
8.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 4.0.2, 4.0.2 | ||
| upx | upx | 0, 0 |
| fedoraproject | fedora | 36, 37, 36 |
Timeline
- Jan 12, 2023 CVE Published
- Jan 13, 2023 EPSS Score
- Feb 23, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 4, 2023 EPSS Score
- May 15, 2023 EPSS Score
- Jun 25, 2023 EPSS Score
- Aug 5, 2023 EPSS Score
- Sep 14, 2023 EPSS Score
- Oct 25, 2023 EPSS Score
- Dec 5, 2023 EPSS Score
- Jan 15, 2024 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2160381 url
- https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4 url
- https://github.com/upx/upx/issues/632 url
- FEDORA-2023-8d91390935 vendor-advisory
- FEDORA-2023-89fdc22ace vendor-advisory
- https://lists.debian.org/debian-lts-announce/2024/12/msg00013.html url
- https://nvd.nist.gov/vuln/detail/CVE-2023-23456 advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI url
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ url