UPX
cpe:2.3:a:upx:upx:*:*:*:*:*:*:*
- <= 5.0.0
A heap-based buffer overflow has been identified in UPX versions prior to 5.0.0. The flaw is in the PackLinuxElf64::un_DT_INIT function in src/p_lx_elf.cpp. It can be exploited locally by manipulating the input to the unpacking process, leading to a segmentation fault and application crash. The vulnerability has been publicly disclosed, and a proof-of-concept exploit is available.
Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.
The vulnerability can be reproduced by compiling UPX with AddressSanitizer enabled, which detects memory errors such as buffer overflows. With that build, the vulnerability is triggered by running 'upx -df' to decompress a crafted file. This process can be automated with a simple script that processes multiple files.
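The reproduction loop described above, as an added example (not code from the UPX project or the original report): it runs 'upx -d -f' on a copy of each file in a directory and classifies each run from the exit status and any AddressSanitizer report, so a patched build can be confirmed clean against the same files. The function names and the two arguments (path to an ASan-built upx, directory of test files) are assumptions of this example.

```shell
#!/bin/sh
# Added example: regression harness for the reproduction steps above.
# Assumptions: $1 is an ASan-instrumented upx binary, $2 a directory of test files.

# classify_run STATUS LOGFILE -> prints one verdict for a single upx run
classify_run() {
    # ASan reports look like "==PID==ERROR: AddressSanitizer: <bug-type> on address ..."
    kind=$(sed -n 's/.*ERROR: AddressSanitizer: \([A-Za-z-]*\).*/\1/p' "$2" | head -n 1)
    if [ -n "$kind" ]; then
        echo "asan:$kind"
    elif [ "$1" -gt 128 ]; then
        echo "signal:$(($1 - 128))"     # e.g. 139 -> signal 11 (SIGSEGV) on a non-ASan build
    elif [ "$1" -eq 0 ]; then
        echo "ok"
    else
        echo "rejected"                 # upx refused the file with an ordinary error
    fi
}

# scan_dir UPX_BIN DIR -> prints "verdict<TAB>file" per file;
# returns 1 if any run ended in a memory error, 0 otherwise
scan_dir() {
    work=$(mktemp -d) || return 2
    bad=0
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        cp "$f" "$work/sample"          # upx -d rewrites its input, so use a copy
        status=0
        "$1" -d -f "$work/sample" >"$work/log" 2>&1 || status=$?
        verdict=$(classify_run "$status" "$work/log")
        printf '%s\t%s\n' "$verdict" "$f"
        case $verdict in asan:*|signal:*) bad=1 ;; esac
    done
    rm -rf "$work"
    return "$bad"
}

if [ "$#" -eq 2 ]; then scan_dir "$1" "$2"; fi
```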
Users are advised to update to UPX version 5.0.1 or later, where this vulnerability has been fixed.