Bug#994405: libgmp10:i386: buffer overflow due to integer overflow in mpz/inp_raw.c on 32-bit machines

Anton Gladky gladk at debian.org
Fri Sep 17 06:02:48 BST 2021


Thanks, Vincent, for the information. I would still wait for CVE,
so we can apply a patch and track vulnerability for other
Debian versions (stable/oldstable/o-o-stable etc.).

Regards

Anton


Am Fr., 17. Sept. 2021 um 01:17 Uhr schrieb Vincent Lefevre <
vincent at vinc17.net>:

> On 2021-09-16 21:23:34 +0200, Anton Gladky wrote:
> > Thanks for the bug report. We will fix it when CVE (if any) will be
> > assigned and upstream patch will be available.
>
> FYI, an upstream patch is now available here:
>
>   https://gmplib.org/list-archives/gmp-bugs/2021-September/005087.html
>
> > Though, the integer overflows are not making the package unusable in
> > most cases.
>
> Yes, but they may introduce security issues, in particular here
> because the behavior depends on data from a file, which may be
> untrusted. That said, here it is probably wise to check that the
> size is not too large in order to prevent the address space from
> being exhausted.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-science-maintainers/attachments/20210917/205e207b/attachment.htm>


More information about the debian-science-maintainers mailing list