PT-2023-25536 · Relic · Relic
Jy · Published 2023-09-01 · Updated 2023-09-06 · CVE-2023-36326
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
RELIC versions before commit 34580d840469361ba9b5f001361cad659687b9ab
Description
The issue allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling the realloc function in the bn_grow function.
Recommendations
For versions before commit 34580d840469361ba9b5f001361cad659687b9ab, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the use of the bn_grow function until a patch is available.
Avoid using the realloc function in the bn_grow function until the issue is resolved.
Fix
Integer Overflow
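The weakness class named here, an integer overflow in the size handed to realloc when a big-number buffer grows, shown as an added C example. It is not RELIC's code or its patch; `big_t`, `digit_t`, `unchecked_request_bytes` and `big_grow_checked` are hypothetical names, and the oversized digit count is a constructed input.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint64_t digit_t;          /* hypothetical digit type */

typedef struct {                   /* hypothetical big-number object */
    digit_t *dp;                   /* digit buffer */
    size_t alloc;                  /* digits currently allocated */
} big_t;

/* Byte count an unchecked grow would hand to realloc(): the product
 * wraps modulo SIZE_MAX + 1, so a huge digit count becomes a tiny
 * allocation while the caller still believes it owns `digits` digits. */
size_t unchecked_request_bytes(size_t digits) {
    return digits * sizeof(digit_t);
}

/* Grow to at least `digits` digits. Returns 0 on success, -1 on failure;
 * on failure the object is left unchanged. */
int big_grow_checked(big_t *b, size_t digits) {
    if (digits <= b->alloc)
        return 0;                              /* already large enough */
    if (digits > SIZE_MAX / sizeof(digit_t))
        return -1;                             /* size product would wrap */
    digit_t *p = realloc(b->dp, digits * sizeof(digit_t));
    if (p == NULL)
        return -1;                             /* old buffer still valid */
    b->dp = p;
    b->alloc = digits;
    return 0;
}

int main(void) {
    big_t b = { NULL, 0 };
    size_t huge = SIZE_MAX / sizeof(digit_t) + 2;  /* constructed input */
    printf("unchecked request: %zu bytes\n", unchecked_request_bytes(huge));
    printf("checked grow(huge): %d\n", big_grow_checked(&b, huge));
    printf("checked grow(4):    %d\n", big_grow_checked(&b, 4));
    free(b.dp);
    return 0;
}
```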
Weakness Enumeration
Related Identifiers
Affected Products
Relic