First published: Thu Jan 12 2023(Updated: )
A Segmentation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. <a href="https://github.com/upx/upx/issues/631">https://github.com/upx/upx/issues/631</a> <a href="https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860">https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860</a>
Credit: patrick@puiterwijk.org patrick@puiterwijk.org
Affected Software | Affected Version | How to fix |
---|---|---|
Upx Project Upx | <2022-11-23 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The CVE ID of this vulnerability is CVE-2023-23457.
The severity of CVE-2023-23457 is medium (5.5).
The software affected by CVE-2023-23457 includes UPX (Upx Project Upx) versions before 2022-11-23 and Fedora versions 36 and 37 (Fedoraproject Fedora).
An attacker can exploit this vulnerability by providing a crafted input file that allows invalid memory address access, leading to a denial of service.
Yes, you can find references related to CVE-2023-23457 at the following links: [Link 1](https://github.com/upx/upx/issues/631), [Link 2](https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860), [Link 3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2160386).