PT-2021-7355 · Gnu+8 · Gmp+8

Paul Zimmermann · Published 2021-09-15 · Updated 2025-01-20 · CVE-2021-43618

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

GNU Multiple Precision Arithmetic Library (GMP) versions through 6.2.1

Description

The issue is an integer overflow and resultant buffer overflow in the mpz/inp_raw.c component of the GNU Multiple Precision Arithmetic Library (GMP) on 32-bit platforms. It can be triggered by crafted input, leading to a segmentation fault. A remote attacker can exploit the vulnerability to cause a denial of service.

Recommendations

For GNU Multiple Precision Arithmetic Library (GMP) versions through 6.2.1, update to a version later than 6.2.1 to resolve the issue. As a temporary workaround, consider restricting the use of the mpz/inp_raw.c component until a patch is available.

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2023:6661
ALSA-2024:3214
ALT-PU-2022-2274
ALT-PU-2022-3049
ALT-PU-2022-3096
ALT-PU-2023-5204
AZL-6444
BDU:2022-05776
CESA-2024_3214
CVE-2021-43618
DLA-2837-1
INFSA-2023_6661
INFSA-2024_3214
MGASA-2021-0544
OESA-2021-1460
OPENSUSE-SU-2021:1569-1
OPENSUSE-SU-2021:3946-1
OPENSUSE-SU-2021_1569-1
OPENSUSE-SU-2021_3946-1
OPENSUSE-SU-2024:11636-1
RHSA-2023:6661
RHSA-2023_6661
RHSA-2024:1102
RHSA-2024:1412
RHSA-2024:3214
RHSA-2024_3214
SUSE-SU-2021:3878-1
SUSE-SU-2021:3946-1
SUSE-SU-2021_3878-1
SUSE-SU-2021_3946-1
USN-5672-1
USN-5672-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
GMP
Linux Mint
Red Hat
SUSE
Ubuntu