PT-2023-5587 · Libtom+6 · Libtommath+6

Gal1Ium · Published 2023-05-09 · Updated 2025-07-16 · CVE-2023-36328

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libtom libtommath versions before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9

Description

The issue is an integer overflow vulnerability in the mp_grow function of the libtom libtommath library. A remote attacker can exploit it to execute arbitrary code and cause a denial of service (DoS). The vulnerability is caused by improper bounds checking, which allows a specially crafted request to overflow a buffer.

Recommendations

For libtom libtommath versions before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, update to a version that includes the fix for the integer overflow vulnerability in the mp_grow function. As a temporary workaround, consider restricting access to the mp_grow function to minimize the risk of exploitation.

Fix

DoS

Integer Overflow

Weakness Enumeration

Related identifiers

ALT-PU-2024-5954
AZL-28627
AZL-28639
AZL-35296
AZL-36959
AZL-48187
BDU:2023-06241
BDU:2025-14506
CVE-2023-36328
DLA-3857-1
MGASA-2023-0265
OESA-2023-1625
OPENSUSE-SU-2024:13425-1
ROSA-SA-2024-2529
USN-6402-1
USN-6402-2

Affected products

Alt Linux
Astra Linux
IBM AIX
Linux Mint
RED OS
Ubuntu
Libtommath