An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.html | Mailing List Third Party Advisory |
https://github.com/upx/upx/issues/314 | Exploit Third Party Advisory |
Configurations
History
01 Jan 2022, 20:08
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
|
CWE | CWE-119 | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.html - Mailing List, Third Party Advisory |
Information
Published : 2019-12-27 22:15
Updated : 2024-02-04 20:39
NVD link : CVE-2019-20053
Mitre link : CVE-2019-20053
CVE.ORG link : CVE-2019-20053
JSON object : View
Products Affected
opensuse
- leap
- backports
upx_project
- upx
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer