Vulnerability CVE-2021-43618


Published: 2021-11-15

Description:
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.

Type:

CWE-190

(Integer Overflow or Wraparound)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Gmplib -> GMP 

 References:
https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
https://bugs.debian.org/994405
https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e

Copyright 2024, cxsecurity.com

 

Back to Top