CVE-2021-20285

MEDIUM

UPX 3.96 - Denial of Service via Crafted ELF File

Title source: llm
STIX 2.1

Description

A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.

References (2)

Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/upx/upx/issues/421
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1937787

Scores

CVSS v3 6.6
EPSS 0.0075
EPSS Percentile 50.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

Details

CWE
CWE-119 CWE-787
Status published
Products (1)
upx/upx 3.96
Published Mar 26, 2021
Tracked Since Feb 18, 2026