CVE-2023-23457

MEDIUM 5.3

Upx: segv on packlinuxelf64::invert_pt_dynamic() in p_lx_elf.cpp

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.

CWE	CWE-119
Published	Jan 12, 2023
Last Updated	Apr 7, 2025

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new medium vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

NVD ↗ CVE.org ↗ EPSS Data ↗

bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2160382 github.com: https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860 github.com: https://github.com/upx/upx/issues/631 lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EL3BVKIGG3SH6I3KPOYQAWCBD4UMPOPI/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ/

Credits

Red Hat would like to thank Chenweijia for reporting this issue.