CVE-2019-20021
CVE-2019-20021
A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-02/msg00007.htmlhttps://github.com/upx/upx/issues/315https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D7XU42G6MUQQXHWRP7DCF2JSIBOJ5GOO/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EUTVSTXAFTD552NO2K2RIF6MDQEHP3BE/