CVE-2023-23457

Source
https://cve.org/CVERecord?id=CVE-2023-23457
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23457.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-23457
Downstream
Related
Published
2023-01-12T00:00:00Z
Modified
2026-07-15T02:08:03.507087698Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
Summary
Upx: segv on packlinuxelf64::invert_pt_dynamic() in p_lx_elf.cpp
Details

A Segmentation fault was found in UPX in PackLinuxElf64::invertptdynamic() in plxelf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.

Database specific
{
    "cwe_ids": [
        "CWE-119"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/23xxx/CVE-2023-23457.json",
    "cna_assigner": "fedora"
}
References

Affected packages

Git / github.com/upx/upx

Affected ranges

Type
GIT
Repo
https://github.com/upx/upx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

v1.*
v1.10
v1.11
v1.90
v1.91
v1.92
v1.93
v1.94
v1.95
v1.96
v2.*
v2.00
v2.01
v2.90
v2.91
v2.92
v2.93
v3.*
v3.00
v3.01
v3.02
v3.03
v3.04
v3.06
v3.07
v3.09
v3.91
v3.92
v3.93
v3.95
v3.96
v3.99
v4.*
v4.0.0
v4.0.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23457.json"