{"id":"CVE-2024-3209","details":"A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.","modified":"2026-04-09T10:06:31.616522Z","published":"2024-04-02T23:15:55.083Z","related":["MGASA-2024-0134"],"references":[{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AE5OZ7YUEVLXVVS6PFP5RELVICQ4K6QK/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4DNK3AFPT4KIPTBKGCJ6FC3L7AWI2TN/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZHWZN2NX5W3WYA6ACJ746PAZXXNZETKD/"},{"type":"ADVISORY","url":"https://vuldb.com/?id.259055"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.259055"},{"type":"EVIDENCE","url":"https://drive.google.com/drive/folders/1qlUXvycOzGJygfkdQB9dGO6VwNRRZoih?usp=sharing"},{"type":"EVIDENCE","url":"https://vuldb.com/?submit.304575"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/upx/upx","events":[{"introduced":"0"},{"last_affected":"099c3d829e80488af7395a4242b318877e980da4"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.2.2"}]}}],"versions":["v1.10","v1.11","v1.90","v1.91","v1.92","v1.93","v1.94","v1.95","v1.96","v2.00","v2.01","v2.90","v2.91","v2.92","v2.93","v3.00","v3.01","v3.02","v3.03","v3.04","v3.06","v3.07","v3.09","v3.91","v3.92","v3.93","v3.95","v3.96","v3.99","v4.0.0","v4.0.1","v4.0.2","v4.1.0","v4.2.0","v4.2.1","v4.2.2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"40"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3209.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}