CVE-2023-23457 — Vulnetix

CVE-2023-23457 PUBLISHED CVSS 5.300000190734863 MEDIUM

A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.

EPSS 0.17% · 37.6th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

EPSS Score

0.17%

37.6th percentile

Affected Products

Vendor	Product	Versions
fedoraproject	fedora	36, 37, 36
upx	upx	0, 0
		4.0.2, 4.0.2

Timeline

Jan 12, 2023 CVE Published
Jan 13, 2023 EPSS Score
Feb 23, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 4, 2023 EPSS Score
May 15, 2023 EPSS Score
Jun 25, 2023 EPSS Score
Aug 5, 2023 EPSS Score
Sep 14, 2023 EPSS Score
Oct 25, 2023 EPSS Score
Dec 5, 2023 EPSS Score
Jan 15, 2024 EPSS Score

References

https://bugzilla.redhat.com/show_bug.cgi?id=2160382 url
https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860 url
https://github.com/upx/upx/issues/631 url
FEDORA-2023-8d91390935 vendor-advisory
FEDORA-2023-89fdc22ace vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-23457 advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI url
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ url

Open in Interactive Console →