CVE-2019-20051
MEDIUMUPX 3.95 - Denial of Service via Floating-Point Exception in PackLinuxElf::elf_hash
Title source: llmDescription
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.
References (3)
Core 3
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/upx/upx/issues/313
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7XU42G6MUQQXHWRP7DCF2JSIBOJ5GOO/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUTVSTXAFTD552NO2K2RIF6MDQEHP3BE/
Scores
CVSS v3
5.5
EPSS
0.0090
EPSS Percentile
54.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-682
Status
published
Products (3)
fedoraproject/fedora
30
fedoraproject/fedora
31
upx/upx
3.95
Published
Dec 27, 2019
Tracked Since
Feb 18, 2026