CVE-2024-3209

CVSS V2 None CVSS V3 None

Description

A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Overview

CVE ID
CVE-2024-3209

Assigner
VulDB

Vulnerability Status
PUBLISHED

Published Version
2024-04-02T23:00:05.494Z

Last Modified Date
2024-06-04T17:33:05.311Z

Weakness Enumerations

CWE	URL
CWE-122	http://cwe.mitre.org/data/definitions/122.html

References

Reference URL	Reference Tags
https://vuldb.com/?id.259055	vdb-entry technical-description
https://vuldb.com/?ctiid.259055	signature permissions-required
https://vuldb.com/?submit.304575	third-party-advisory
https://drive.google.com/drive/folders/1qlUXvycOzGJygfkdQB9dGO6VwNRRZoih?usp=sharing	exploit
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHWZN2NX5W3WYA6ACJ746PAZXXNZETKD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4DNK3AFPT4KIPTBKGCJ6FC3L7AWI2TN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AE5OZ7YUEVLXVVS6PFP5RELVICQ4K6QK/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-3209
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3209

History

Created	Old Value	New Value	Data Type	Notes
2024-06-23 22:58:26				Added to TrackCVE