CVE-2021-30500

Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.

Published: May 27, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-30500
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
redhat / enterprise_linux	7.0	7.0.x
fedoraproject / fedora	33	33.x
upx / upx	4.0.0	4.0.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=1948692
https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc
https://github.com/upx/upx/issues/485

Vulnerability Database

289,871

CVE-2021-30500