First published: Thu Jan 12 2023(Updated: )
A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.
Credit: patrick@puiterwijk.org patrick@puiterwijk.org
Affected Software | Affected Version | How to fix |
---|---|---|
Upx Project Upx | <2022-11-24 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-23456 is a heap-based buffer overflow vulnerability discovered in UPX in the PackTmt::pack() function in the p_tmt.cpp file.
The severity of CVE-2023-23456 is medium with a CVSS severity score of 5.5.
The vulnerability in CVE-2023-23456 allows an attacker to cause a denial of service (abort) by exploiting a heap-based buffer overflow issue in UPX.
The affected software versions include UPX version up to exclusive 2022-11-24, and Fedora versions 36 and 37.
To fix the vulnerability in CVE-2023-23456, users should update UPX to a version that includes the fix, or apply the necessary patches provided by the software vendor.