Integer Overflow in getElfSections Function in UPX 3.95 Allows Remote Denial of Service

Integer Overflow in getElfSections Function in UPX 3.95 Allows Remote Denial of Service

CVE-2019-14295 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory.

Learn more about our Web Application Penetration Testing UK.