CVE-2019-20805: Integer Overflow
First published: Mon Jun 01 2020(Updated: )
p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| UPX | <3.96 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-20805.
What is the severity level of CVE-2019-20805?
CVE-2019-20805 has a severity level of 5.5 (medium).
Which software versions are affected by CVE-2019-20805?
Versions up to and excluding 3.96 of UPX are affected by CVE-2019-20805.
How can the integer overflow vulnerability be exploited?
The integer overflow vulnerability can be exploited during the unpacking process by providing crafted values in a PT_DYNAMIC segment.
Is there a fix available for CVE-2019-20805?
Yes, a fix for CVE-2019-20805 is available in UPX version 3.96 and later.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/upx project
- canonical/upx