PT-2023-5587 · Libtom+6 · Libtommath+6
Gal1Ium · Published 2023-05-09 · Updated 2025-07-16
CVE-2023-36328
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
libtom libtommath versions before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9
Description
The issue is an integer overflow in the mp_grow function of the libtom libtommath library. A remote attacker can exploit it to execute arbitrary code or cause a denial of service (DoS). The root cause is improper bounds checking on the requested size, so a specially crafted request overflows a buffer.
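The class of defect described above is a size computation that wraps before the buffer is (re)allocated. As an added illustration that is not libtommath's own code, the following C routine shows the defensive shape of a grow function: every constant (DIGIT_PREC, DIGIT_MAX_COUNT) and type here is an assumption chosen for the example, and the request is refused instead of allowed to wrap.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Illustrative constants; assumptions for this example, not libtommath's values. */
#define DIGIT_PREC 32                  /* allocation granularity, in digits */
#define DIGIT_MAX_COUNT (INT_MAX / 8)  /* hypothetical hard cap on digit count */

typedef uint64_t digit_t;

typedef struct {
    int used, alloc;
    digit_t *dp;
} bignum_t;

/* Round a requested digit count up to the allocation granularity with headroom.
 * Returns the new allocation size, or -1 if the request cannot be satisfied
 * without the digit count or the byte count wrapping. */
int checked_grow_size(int requested)
{
    if (requested < 0 || requested > DIGIT_MAX_COUNT) return -1;
    int rounded = requested + (2 * DIGIT_PREC - (requested % DIGIT_PREC));
    if (rounded < requested) return -1;                      /* signed wrap */
    if ((size_t)rounded > SIZE_MAX / sizeof(digit_t)) return -1; /* byte wrap */
    return rounded;
}

/* Grow the digit buffer to hold at least `requested` digits; 0 on success, -1 on refusal. */
int checked_grow(bignum_t *a, int requested)
{
    if (requested <= a->alloc) return 0;
    int new_alloc = checked_grow_size(requested);
    if (new_alloc < 0) return -1;
    digit_t *tmp = realloc(a->dp, (size_t)new_alloc * sizeof(digit_t));
    if (tmp == NULL) return -1;
    for (int i = a->alloc; i < new_alloc; i++) tmp[i] = 0; /* clear new digits */
    a->dp = tmp;
    a->alloc = new_alloc;
    return 0;
}

/* Helper for exercising checked_grow on a fresh number: returns the resulting
 * allocation size, or -1 if the grow was refused. */
int grow_demo(int requested)
{
    bignum_t a = { 0, 0, NULL };
    int rc = checked_grow(&a, requested);
    int result = (rc == 0) ? a.alloc : -1;
    free(a.dp);
    return result;
}
```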
Recommendations
For libtom libtommath versions before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, update to a version that includes the fix for the integer overflow in the mp_grow function. As a temporary workaround, consider restricting access to the mp_grow function to minimize the risk of exploitation.
Fix
DoS
Integer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
ALT Linux
Astra Linux
IBM AIX
Linux Mint
RED OS
Ubuntu
Libtommath