CVE-2020-27790

MEDIUM

Upx < 3.96 - Divide By Zero

Title source: rule

Description

A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.

References (2)

[Patch, Third Party Advisory] https://github.com/upx/upx/commit/eb90eab6325d009004ffb155e3e33f22d4d3ca26

View Patch ZIP pw:eip

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://github.com/upx/upx/issues/331

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 14.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-369

Status published

Affected Products (1)

upx/upx < 3.96

Timeline

Published Aug 18, 2022

Tracked Since Feb 18, 2026