Bugzilla – Bug 1209770
VUL-0: CVE-2021-43316: upx: Heap-based buffer overflow in func get_le64()
Last modified: 2024-06-07 14:01:10 UTC
CVE-2021-43316: A heap-based buffer overflow was discovered in upx, where the generic pointer 'p' points to an inaccessible address in func get_le64().

References:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43316
- https://www.cve.org/CVERecord?id=CVE-2021-43316
- https://github.com/upx/upx/issues/381
Affected:
- openSUSE:Backports:SLE-15-SP4/upx 3.96

Not Affected:
- openSUSE:Factory/upx 4.0.2
openSUSE-SU-2023:0088-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 1183510, 1184701, 1184702, 1207121, 1207122, 1209765, 1209766, 1209767, 1209768, 1209769, 1209770, 1209771
CVE References: CVE-2021-20285, CVE-2021-30500, CVE-2021-30501, CVE-2021-43311, CVE-2021-43312, CVE-2021-43313, CVE-2021-43314, CVE-2021-43315, CVE-2021-43316, CVE-2021-43317, CVE-2023-23456, CVE-2023-23457
JIRA References:
Sources used:
- openSUSE Backports SLE-15-SP4 (src): upx-4.0.2-bp154.4.6.1
As per a comment [0] in the upstream issue related to this vulnerability [1], the reported problem is not present in version 4.0.2 of upx (the fix for the issue is present in version 4.0.2). All currently supported codestreams are at version 4.0.2 or higher, meaning they are not affected by this issue.

[0] https://github.com/upx/upx/issues/381#issuecomment-1511885176
[1] https://github.com/upx/upx/issues/381