CVE-2020-27790

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-27790
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-27790.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-27790
Downstream
Published
2022-08-18T19:15:14.270Z
Modified
2025-11-20T11:24:17.947700Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

A floating point exception issue was discovered in UPX in the PackLinuxElf64::invert_pt_dynamic() function of the p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.

References

Affected packages

Git / github.com/upx/upx

Affected ranges

Type
GIT
Repo
https://github.com/upx/upx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*

v1.10
v1.11
v1.90
v1.91
v1.92
v1.93
v1.94
v1.95
v1.96

v2.*

v2.00
v2.01
v2.90
v2.91
v2.92
v2.93

v3.*

v3.00
v3.01
v3.02
v3.03
v3.04
v3.05
v3.06
v3.07
v3.08
v3.09
v3.91
v3.92
v3.93
v3.94
v3.95

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 4710.0,
            "function_hash": "39145774349881406499490838442227643832"
        },
        "target": {
            "file": "src/p_lx_elf.cpp",
            "function": "PackLinuxElf64::invert_pt_dynamic"
        },
        "source": "https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26",
        "signature_version": "v1",
        "id": "CVE-2020-27790-3da0794d"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "src/p_lx_elf.cpp"
        },
        "source": "https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26",
        "signature_version": "v1",
        "id": "CVE-2020-27790-921010b1"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 4495.0,
            "function_hash": "274167896519579016535090281065602039843"
        },
        "target": {
            "file": "src/p_lx_elf.cpp",
            "function": "PackLinuxElf32::invert_pt_dynamic"
        },
        "source": "https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26",
        "signature_version": "v1",
        "id": "CVE-2020-27790-98f2934b"
    }
]