CVE-2018-11243 - PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of serv

CVE-2018-11243

Summary

PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.

References

Vulnerable Configurations

cpe:2.3:a:upx_project:upx:3.95:*:*:*:*:*:*:*
cpe:2.3:a:upx_project:upx:3.95:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 03-02-2020 - 03:15)
Impact:
Exploitability:

CWE

CWE-415

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

fedora	FEDORA-2020-20cf0743f5 FEDORA-2020-67590fbf08
misc	https://github.com/upx/upx/blob/devel/NEWS https://github.com/upx/upx/issues/206 https://github.com/upx/upx/issues/207
suse	openSUSE-SU-2020:0162 openSUSE-SU-2020:0163 openSUSE-SU-2020:0179 openSUSE-SU-2020:0180

Last major update

03-02-2020 - 03:15

Published

18-05-2018 - 17:29

Last modified

03-02-2020 - 03:15