CVE-2021-30501
MEDIUM
UPX 4.0.0 - Denial of Service via Crafted File in MemBuffer::alloc()
Title source: llmDescription
An assertion abort was found in UPX 4.0.0, in MemBuffer::alloc() in mem.cpp. The flaw allows attackers to cause a denial of service (abort) via a crafted file.
References (4)
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1948696
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/upx/upx/issues/486
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/upx/upx/pull/487
Patch, Third Party Advisory x_refsource_misc
https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46
Scores
CVSS v3
5.5
EPSS
0.0034
EPSS Percentile
56.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-617
CWE-20
Status
published
Products (3)
fedoraproject/fedora
33
redhat/enterprise_linux
7.0
upx/upx
4.0.0
Published
May 27, 2021
Tracked Since
Feb 18, 2026