CVE-2020-24119

7.1 HIGH

📋 TL;DR

CVE-2020-24119 is a heap buffer over-read in the ELF handling code of UPX 4.0.0: a crafted ELF file makes the parser read past the end of a heap buffer. It affects anyone who runs UPX over ELF files they did not produce themselves, for example in build pipelines, malware triage or services that pack user-uploaded binaries. The practical outcomes are a crash of the UPX process and, less commonly, disclosure of adjacent heap contents; an over-read does not by itself give code execution.

💻 Affected Systems

Products:
  • UPX (Ultimate Packer for eXecutables)
Versions: 4.0.0, the version string reported in GitHub issue #388 (a development build; the 4.0.0 release itself only shipped in October 2022, well after the report)
Operating Systems: any host on which UPX runs. The affected code is the ELF packer, so it is reached whenever the input file is ELF, regardless of the host operating system.
Default Config Vulnerable: ⚠️ Yes (UPX has no configuration that disables ELF handling; any invocation on a crafted ELF file reaches the code)
Notes: Only affects UPX when processing ELF format files. Windows PE files and other formats are not affected by this specific vulnerability.

📦 What is this software?

UPX is a free, open-source executable packer. It compresses executables (ELF, PE and Mach-O among others) in place and prepends a small decompression stub, so the packed file still runs directly. It is used by software distributors to shrink binaries and is also common on malware, which is why analysis and triage tooling routinely runs UPX over files of unknown origin.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Disclosure of heap memory adjacent to the over-read buffer, which can include contents of other files UPX processed in the same run, plus a reliable crash of the UPX process. The bug is a read past the end of a buffer, not a write, so on its own it does not give code execution.

🟠

Likely Case

Application crash (denial of service) when processing maliciously crafted ELF files with UPX.

🟢

If Mitigated

No impact if UPX never processes ELF files from untrusted sources, or if the UPX process runs isolated (separate user, resource limits, core dumps disabled) so that a crash stays contained.

🌐 Internet-Facing: MEDIUM - Risk exists if UPX processes user-uploaded files or internet-facing services use UPX for compression.
🏢 Internal Only: LOW - Risk primarily exists during development/build processes or when analyzing untrusted ELF files internally.

🎯 Exploit Status

Public PoC: ⚠️ Yes (crash reproducer provided in GitHub issue #388)
Weaponized: No known weaponized exploit; the public PoC demonstrates a crash
Unauthenticated Exploit: ⚠️ Yes, in the sense that no credentials are needed; the attacker still has to get the file processed by UPX
Complexity: MEDIUM

Exploitation requires crafting an ELF file whose header values drive the parser past the end of its buffer. A proof-of-concept file is provided in GitHub issue #388.
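The bug class is an ELF header value that is trusted without being checked against the size of the buffer that was actually read. The following is an added example (not code from UPX or from issue #388, and not the specific check that failed there): a small ELF64 program-header walker that validates every derived range against the buffer length, together with three constructed inputs, one consistent file, one whose e_phnum claims more entries than exist, and one whose p_offset + p_filesz would wrap to zero in 64-bit C arithmetic and so slip past a naive bounds check.

```python
import struct

# Constructed ELF64 constants for this example; the layout follows the ELF spec,
# not anything taken from the UPX source or from issue #388.
ELF_MAGIC = b"\x7fELF"
EHDR_SIZE = 64          # sizeof(Elf64_Ehdr)
PHDR_SIZE = 56          # sizeof(Elf64_Phdr)
PT_LOAD = 1


class ElfError(ValueError):
    """Raised for any header value that would read outside the file buffer."""


def parse_phdrs(data: bytes):
    """Walk the program header table, checking every offset against len(data).

    Returns [(p_type, p_offset, p_filesz), ...]. A parser that trusts e_phnum,
    e_phoff or p_filesz without these checks reads past its heap buffer on a
    crafted file: that is the bug class behind CVE-2020-24119.
    """
    size = len(data)
    if size < EHDR_SIZE or data[:4] != ELF_MAGIC:
        raise ElfError("not an ELF file or header truncated")
    if data[4] != 2 or data[5] != 1:
        raise ElfError("example handles ELF64 little-endian only")
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    if e_phentsize < PHDR_SIZE:
        raise ElfError("e_phentsize smaller than Elf64_Phdr")
    # Python integers do not wrap, so this comparison is exact. In C the sum
    # e_phoff + e_phentsize * e_phnum must also be checked for overflow, or an
    # attacker picks values whose sum wraps to something small.
    table_end = e_phoff + e_phentsize * e_phnum
    if table_end > size:
        raise ElfError(f"program header table [{e_phoff}, {table_end}) exceeds file size {size}")
    segments = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, _flags, p_offset, _vaddr, _paddr, p_filesz = struct.unpack_from("<IIQQQQ", data, off)
        if p_offset + p_filesz > size:
            raise ElfError(f"segment {i} [{p_offset}, {p_offset + p_filesz}) exceeds file size {size}")
        segments.append((p_type, p_offset, p_filesz))
    return segments


def is_well_formed(data: bytes) -> bool:
    """True if every header-derived range lies inside the buffer."""
    try:
        parse_phdrs(data)
        return True
    except ElfError:
        return False


def build_elf(phdrs, e_phnum=None, pad=0) -> bytes:
    """Construct a minimal ELF64 image (example data, not a runnable binary).

    phdrs: list of (p_type, p_offset, p_filesz). e_phnum can be set higher than
    the number of entries actually written to mimic a crafted header.
    """
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)      # ELF64, little-endian, version 1
    count = len(phdrs) if e_phnum is None else e_phnum
    ehdr = ident + struct.pack(
        "<HHIQQQIHHHHHH",
        2, 62, 1, 0,                    # e_type=ET_EXEC, e_machine=x86-64, e_version, e_entry
        EHDR_SIZE, 0, 0,                # e_phoff right after the header, e_shoff=0, e_flags=0
        EHDR_SIZE, PHDR_SIZE, count,    # e_ehsize, e_phentsize, e_phnum
        0, 0, 0,                        # no section headers
    )
    table = b"".join(
        struct.pack("<IIQQQQQQ", p_type, 5, p_offset, 0, 0, p_filesz, p_filesz, 0x1000)
        for p_type, p_offset, p_filesz in phdrs
    )
    return ehdr + table + bytes(pad)


# Three constructed inputs: a consistent file, a header claiming more program
# headers than are present, and a segment whose size wraps in 64-bit C arithmetic.
GOOD = build_elf([(PT_LOAD, 0, 200)], pad=80)                       # exactly 200 bytes
TRUNCATED_TABLE = build_elf([(PT_LOAD, 0, 120)], e_phnum=4)         # e_phnum says 4, only 1 present
WRAPPING_SEGMENT = build_elf([(PT_LOAD, 8, 0xFFFFFFFFFFFFFFF8)])    # p_offset + p_filesz == 2**64

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("TRUNCATED_TABLE", TRUNCATED_TABLE), ("WRAPPING_SEGMENT", WRAPPING_SEGMENT)):
        print(name, "well-formed" if is_well_formed(blob) else "rejected")
```

The WRAPPING_SEGMENT case is the one worth internalising: a C check written as `if (p_offset + p_filesz > size)` on uint64 values accepts it, because the sum wraps to 0. The safe form is `if (p_offset > size || p_filesz > size - p_offset)`, which never overflows.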

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UPX 4.0.1 and later

Vendor Advisory: https://github.com/upx/upx/issues/388

Restart Required: No

Instructions:

1. Download UPX 4.0.1 or later from https://github.com/upx/upx/releases
2. Replace existing UPX binary with the patched version
3. Verify with 'upx --version', and with 'command -v upx' confirm that the binary on PATH is the one you replaced (distribution packages such as upx-ucl may install a separate copy)

🔧 Temporary Workarounds

Disable UPX for ELF processing (applies to: all platforms)

Do not run UPX on ELF files from untrusted sources. In a build pipeline, pack only binaries the pipeline itself produced.

Use alternative compression tools (applies to: linux)

If the goal is only to shrink files for storage or transfer, gzip or xz can stand in for UPX on ELF files. There is no drop-in substitute for UPX's in-place executable packing, so binaries that must stay directly executable have to wait for the patched UPX.

🧯 If You Can't Patch

  • Restrict UPX to ELF files from trusted sources, that is, binaries your own build produced
  • Run UPX in an isolated, resource-limited environment (separate user, container or sandbox, core dumps disabled) whenever it must handle untrusted input, so a crash stays contained and leaked heap contents do not end up in core files
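One way to contain UPX when it has to process files of unknown origin, as an added example that is not part of the original page or of the UPX project: the wrapper below copies the untrusted bytes into a private temporary directory, runs UPX there with address-space and CPU limits and core dumps disabled, and reports whether the run ended cleanly, with a UPX error code, with a signal (which is what the over-read produces) or by timeout. The `upx` command prefix and `args` are parameters, so a container launcher or a stub can be substituted; the limit values are assumptions to tune for your binaries.

```python
import os
import resource
import signal
import subprocess
import sys
import tempfile

# Example limits for this wrapper (assumed values, tune for the binaries you pack).
# They are applied in the child process just before exec.
MEMORY_LIMIT = 512 * 1024 * 1024   # bytes of address space
CPU_LIMIT = 30                     # seconds of CPU time


def _cap(res, wanted):
    """Lower a resource limit to `wanted` without exceeding the current hard limit."""
    _soft, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        wanted = min(wanted, hard)
    resource.setrlimit(res, (wanted, wanted))


def _limit_child():
    _cap(resource.RLIMIT_AS, MEMORY_LIMIT)
    _cap(resource.RLIMIT_CPU, CPU_LIMIT)
    # No core dumps: a crash on a crafted file must not write heap contents to disk.
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))


def run_upx_isolated(data: bytes, args=("-t",), upx=("upx",), timeout=60):
    """Run UPX on `data` (the untrusted file's bytes) in a private temp dir.

    `args` are the UPX options placed before the input path (default: test the
    file); `upx` is the command prefix, so another binary or a container launcher
    can be substituted. Returns a dict whose "status" is "ok", "error", "crash"
    or "timeout"; "crash" means the process died from a signal.
    """
    with tempfile.TemporaryDirectory() as work:
        path = os.path.join(work, "input.elf")
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, 0o600)
        cmd = [*upx, *args, path]
        try:
            proc = subprocess.run(
                cmd,
                cwd=work,
                stdin=subprocess.DEVNULL,
                stdout=subprocess.PIPE,
                stderr=subprocess.STDOUT,
                timeout=timeout,
                preexec_fn=_limit_child,
                env={"PATH": os.environ.get("PATH", "/usr/bin:/bin")},
            )
        except subprocess.TimeoutExpired:
            return {"status": "timeout", "returncode": None, "signal": None, "output": ""}
        except FileNotFoundError:
            return {"status": "error", "returncode": None, "signal": None,
                    "output": f"{cmd[0]}: not found"}
        rc = proc.returncode
        out = proc.stdout.decode("utf-8", "replace")
        if rc < 0:
            # POSIX: a negative return code is the number of the signal that killed the child.
            return {"status": "crash", "returncode": rc, "signal": signal.Signals(-rc).name, "output": out}
        return {"status": "ok" if rc == 0 else "error", "returncode": rc, "signal": None, "output": out}


if __name__ == "__main__":
    # Usage: python3 upx_isolated.py suspicious.elf
    with open(sys.argv[1], "rb") as fh:
        result = run_upx_isolated(fh.read())
    print(result["status"], result["returncode"], result["signal"])
    sys.exit(0 if result["status"] == "ok" else 1)
```

To pack rather than test, pass `args=("-o", "/abs/path/outside/tmp/packed.elf")` so the output survives removal of the temporary directory, and only consume it when the status is "ok". A "crash" result on a file you did not build is itself a detection signal worth logging.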

🔍 How to Verify

Check if Vulnerable:

Run 'upx --version'; a first line reading 'upx 4.0.0' identifies the affected version. Releases before 4.0.0 are not listed as affected by this CVE, but they have security fixes of their own outstanding, so upgrade them as well.

Check Version:

upx --version | head -1

Verify Fix Applied:

Run 'upx --version' and confirm the version is 4.0.1 or higher. If several copies are installed (for example a distribution package and a manually downloaded release), check each one, since 'upx --version' only reports the first copy on PATH.

📡 Detection & Monitoring

Log Indicators:

  • Kernel messages of the form 'upx[PID]: segfault at ... ip ... sp ... error N in upx[...]', or systemd-coredump entries for a upx process
  • UPX jobs that end with a signal (shell exit status 139 for SIGSEGV) instead of a UPX error message

Network Indicators:

  • Uploads of unusual or malformed ELF files to services that hand them to UPX
  • Repeated submissions from one source that each end in a UPX crash

SIEM Query:

process.name:upx AND (event.action:segfault OR event.action:crash)

The field names assume ECS-style normalisation; on raw syslog, match the message text instead, e.g. message:"upx[" AND message:segfault.
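The detection logic behind those indicators, as an added example that is not part of the original page: a scanner for the kernel segfault, general protection fault and systemd-coredump line formats, run over a constructed syslog excerpt (sample data made up for this example, not real incident logs), with the page-fault error code decoded so that a user-mode read fault, the signature of a buffer over-read, can be told apart from a write fault.

```python
import re
from collections import defaultdict

# Constructed syslog excerpt for this example (not real incident data). Line 1 is
# the kernel's message for a user-mode read fault, line 2 systemd-coredump's record
# of the same process, line 3 a general protection fault, line 4 a crash in another
# program that must not match, line 5 unrelated noise.
LOG_SAMPLE = """\
Mar 10 12:00:01 build01 kernel: [12345.678901] upx[4242]: segfault at 7f3c2a1b4000 ip 000055d0c2a3f1e0 sp 00007ffd1c3b5a60 error 4 in upx[55d0c2a00000+2b0000]
Mar 10 12:00:01 build01 systemd-coredump[4250]: Process 4242 (upx) of user 1000 dumped core.
Mar 10 12:00:02 build01 kernel: [12346.000001] traps: upx[4243] general protection fault ip:55d0c2a3f1e0 sp:7ffd1c3b5a60 error:0 in upx[55d0c2a00000+2b0000]
Mar 10 12:00:03 build01 kernel: [12347.000001] firefox[9001]: segfault at 0 ip 00007f00deadbeef sp 00007ffd00000000 error 6 in libxul.so[7f00de000000+6000000]
Mar 10 12:00:04 build01 sshd[77]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2
"""

SEGFAULT = re.compile(
    r"(?P<proc>[\w.+-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)"
)
GPF = re.compile(r"traps: (?P<proc>[\w.+-]+)\[(?P<pid>\d+)\] general protection")
COREDUMP = re.compile(r"Process (?P<pid>\d+) \((?P<proc>[^)]+)\) of user \d+ dumped core")
PATTERNS = (("segfault", SEGFAULT), ("gpf", GPF), ("coredump", COREDUMP))


def scan(lines, watched=("upx",)):
    """Return one finding per line that records a crash of a watched process."""
    findings = []
    for line in lines:
        for kind, rx in PATTERNS:
            m = rx.search(line)
            if not m or m.group("proc") not in watched:
                continue
            finding = {"kind": kind, "proc": m.group("proc"), "pid": int(m.group("pid"))}
            if kind == "segfault":
                # x86 page-fault error code: bit 0 = protection violation,
                # bit 1 = write access, bit 2 = fault raised in user mode.
                # "error 4" is therefore a user-mode read of an unmapped page,
                # which is what a read running off the end of a heap buffer produces.
                err = int(m.group("err"))
                finding["access"] = "write" if err & 2 else "read"
                finding["user_mode"] = bool(err & 4)
                finding["fault_addr"] = int(m.group("addr"), 16)
            findings.append(finding)
            break
    return findings


def by_pid(findings):
    """Group findings so a segfault and its core dump show up as one incident."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["pid"]].append(f["kind"])
    return dict(grouped)


if __name__ == "__main__":
    found = scan(LOG_SAMPLE.splitlines())
    for f in found:
        print(f)
    print(by_pid(found))
```

Grouping by PID matters for alert volume: a single crash typically produces both a kernel line and a coredump line, and a triage pipeline that feeds many files through UPX will produce a burst of them, so alert on the first crash per PID and count the rest.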

🔗 References

  • https://github.com/upx/upx/issues/388 (upstream report with proof-of-concept file)
  • https://nvd.nist.gov/vuln/detail/CVE-2020-24119
  • https://github.com/upx/upx/releases (patched releases)
