Bug#994405: libgmp10:i386: buffer overflow due to integer overflow in mpz/inp_raw.c on 32-bit machines

Vincent Lefevre vincent at vinc17.net
Fri Sep 17 00:17:10 BST 2021


On 2021-09-16 21:23:34 +0200, Anton Gladky wrote:
> Thanks for the bug report. We will fix it when a CVE (if any) is
> assigned and an upstream patch is available.

FYI, an upstream patch is now available here:

  https://gmplib.org/list-archives/gmp-bugs/2021-September/005087.html

> Though, the integer overflows are not making the package unusable in
> most cases.

Yes, but they may introduce security issues, in particular here
because the behavior depends on data from a file, which may be
untrusted. That said, here it is probably wise to check that the
size is not too large in order to prevent the address space from
being exhausted.

-- 
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
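
The kind of size check suggested in the message above, as an added example that is not part of the original message and is neither GMP's code nor the upstream patch. 32-bit arithmetic is modelled with uint32_t so the wrap is reproducible on any host; the header layout, the limb width, and the names limbs_unchecked, parse_size_checked and max_bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not from the message above): 4-byte big-endian signed
   byte count, negative for a negative number, then the magnitude bytes. */
#define LIMB_BITS 32u   /* assumed limb width on a 32-bit target */

/* Unchecked: bit count in 32-bit arithmetic, as with a 32-bit size_t. */
uint32_t limbs_unchecked(uint32_t nbytes)
{
    uint32_t bits = nbytes * 8u;   /* wraps modulo 2^32 once nbytes >= 2^29 */
    return bits / LIMB_BITS + (bits % LIMB_BITS != 0);
}

/* Checked: 0 and *limbs set on success, -1 if the header is short,
   the bit count would wrap, or the size exceeds the caller's limit. */
int parse_size_checked(const unsigned char *hdr, size_t len,
                       uint32_t max_bytes, uint32_t *limbs)
{
    if (len < 4)
        return -1;
    uint32_t raw = (uint32_t)hdr[0] << 24 | (uint32_t)hdr[1] << 16
                 | (uint32_t)hdr[2] << 8 | (uint32_t)hdr[3];
    /* Magnitude of the signed count, computed without signed overflow. */
    uint32_t nbytes = (raw & 0x80000000u) ? 0u - raw : raw;
    if (nbytes > UINT32_MAX / 8u)  /* nbytes * 8 would wrap */
        return -1;
    if (nbytes > max_bytes)        /* policy cap against memory exhaustion */
        return -1;
    uint32_t bits = nbytes * 8u;
    *limbs = bits / LIMB_BITS + (bits % LIMB_BITS != 0);
    return 0;
}

int main(void)
{
    /* Constructed header claiming 0x20000001 bytes of data. */
    const unsigned char big[4] = { 0x20, 0x00, 0x00, 0x01 };
    uint32_t limbs = 0;
    printf("unchecked limb count: %u\n", (unsigned)limbs_unchecked(0x20000001u));
    printf("checked parse result: %d\n",
           parse_size_checked(big, sizeof big, 1u << 20, &limbs));
    return 0;
}
```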


