1848985 – (CVE-2019-20805) CVE-2019-20805 upx: integer overflow in p_lx_elf.cpp

Bug 1848985 (CVE-2019-20805) - CVE-2019-20805 upx: integer overflow in p_lx_elf.cpp

Summary: CVE-2019-20805 upx: integer overflow in p_lx_elf.cpp

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	CVE-2019-20805
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-06-19 12:37 UTC by Dhananjay Arunesh
Modified:	2020-06-19 19:22 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-06-19 19:22:14 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2020-06-19 12:37:52 UTC

A vulnerability was found in p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.

References:
https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010
https://github.com/upx/upx/issues/317

Note You need to log in before you can comment on or make changes to this bug.