CVE-2021-43618: Segmentation fault with mpz_inp_raw on gcc45

GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.


Paul Zimmermann Paul.Zimmermann at inria.fr
Wed Sep 15 12:40:22 UTC 2021

  • Previous message (by thread): libgmp.a text relocation error on powerpc-*

  • Next message (by thread): Segmentation fault with mpz_inp_raw on gcc45

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

with gmp-6.2.1 and the following program:

zimmerma@gcc45:~/ecm$ cat test.c
#include <stdio.h>
#include <stdlib.h>
#include <gmp.h>

int main (void)
{
  mpz_t s;
  FILE *file;
  int ret;
  mpz_init (s);
  file = fopen ("test_dummy2.save", "rb");  /* the input file shown below */
  ret = mpz_inp_raw (s, file);              /* crashes here on gcc45 */
  return 0;
}

I get a Segmentation fault on gcc45 with the following file:

$ cat test_dummy2.save
-e
this is a comment line and should be ignored

gdb says:

Program received signal SIGSEGV, Segmentation fault.
__mempcpy_ia32 () at …/sysdeps/i386/i686/multiarch/…/mempcpy.S:50
50      …/sysdeps/i386/i686/multiarch/…/mempcpy.S: No such file or directory.
(gdb) where
#0  __mempcpy_ia32 () at …/sysdeps/i386/i686/multiarch/…/mempcpy.S:50
#1  0xb7e72388 in __GI__IO_file_xsgetn (fp=0x804a008, data=0x8a7b200a, n=761596426) at fileops.c:1388
#2  0xb7e74138 in __GI__IO_sgetn (fp=fp@entry=0x804a008, data=data@entry=0x8a7b200a, n=n@entry=761596426) at genops.c:495
#3  0xb7e67a19 in __GI__IO_fread (buf=0x8a7b200a, size=761596426, count=1, fp=0x804a008) at iofread.c:42
#4  0x080486f4 in __gmpz_inp_raw ()
#5  0x08048602 in main () at test.c:12

I suspect the issue is due to "-e" in the first line, since there is no error if I remove that line.

Paul


More information about the gmp-bugs mailing list
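Why a plain text file drives mpz_inp_raw into a 761 MB fread is visible in the trace above: the raw format documented for GMP starts with a 4-byte big-endian size header (number of magnitude bytes to follow, negative for negative numbers), and 761596426 is 0x2D650A0A, the ASCII bytes "-e" followed by two newlines. The reader trusted that header and tried to read that many bytes. The following is an added example, not code from the gmp-bugs post or from GMP itself: a small header decoder that validates the advertised size against what the input actually contains and against a caller-chosen policy cap (`max_bytes`, assumed here) before anything is allocated or read, plus a limb-count computation that cannot overflow on 32-bit. The input bytes are constructed to mirror the report.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <limits.h>

/* Size header of GMP's raw format: 4 bytes, most significant byte first.
   The value is the number of magnitude bytes that follow; it is negative
   for negative numbers and zero for zero. */
static int32_t raw_header_size(const unsigned char hdr[4])
{
    uint32_t u = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16)
               | ((uint32_t)hdr[2] << 8)  |  (uint32_t)hdr[3];
    /* sign-extend the 32-bit two's complement value without UB */
    return (u & 0x80000000u) ? -(int32_t)(~u) - 1 : (int32_t)u;
}

/* Validate a decoded size before any allocation or fread.
   `remaining` is how many bytes really follow the header; `max_bytes` is
   the caller's policy limit (an assumption of this example, not a GMP
   constant). Returns 0 and stores the magnitude byte count on success,
   -1 if the header must be rejected. */
static int raw_size_check(int32_t csize, size_t remaining, size_t max_bytes,
                          size_t *abs_out)
{
    if (csize == INT32_MIN) return -1;          /* -INT32_MIN overflows */
    size_t abs_csize = (size_t)(csize < 0 ? -csize : csize);
    /* a header promising more than the cap or more than the input holds
       is malformed; refuse it instead of sizing a buffer from it */
    if (abs_csize > max_bytes || abs_csize > remaining) return -1;
    *abs_out = abs_csize;
    return 0;
}

/* Limbs needed for nbytes: divide first, then round up, so no
   intermediate sum can wrap on a 32-bit size_t. */
static size_t limbs_for_bytes(size_t nbytes, size_t limb_bytes)
{
    return nbytes / limb_bytes + (nbytes % limb_bytes != 0);
}

/* Decode a validated raw record whose magnitude fits in 63 bits.
   Returns 0 on success, -1 if the record is malformed or too wide. */
static int raw_decode_small(const unsigned char *buf, size_t len, int64_t *out)
{
    if (len < 4) return -1;
    int32_t csize = raw_header_size(buf);
    size_t n;
    if (raw_size_check(csize, len - 4, 8, &n) != 0) return -1;
    uint64_t mag = 0;
    for (size_t i = 0; i < n; i++) mag = (mag << 8) | buf[4 + i];
    if (mag > (uint64_t)INT64_MAX) return -1;
    *out = csize < 0 ? -(int64_t)mag : (int64_t)mag;
    return 0;
}

/* Constructed stand-in for test_dummy2.save: a text file whose first four
   bytes are "-e\n\n", matching the size 761596426 seen in the gdb trace. */
static const unsigned char comment_file[] =
    "-e\n\nthis is a comment line and should be ignored\n";

/* Size the text file's first line decodes to when read as a header. */
static int32_t comment_line_header_size(void)
{
    return raw_header_size(comment_file);
}

/* What a checking reader does with that header: reject it (-1), because
   the file holds far fewer bytes than the header claims. */
static int comment_line_accepted(void)
{
    size_t n;
    int32_t csize = raw_header_size(comment_file);
    return raw_size_check(csize, sizeof comment_file - 1 - 4, 1u << 20, &n);
}

int main(void)
{
    int32_t csize = comment_line_header_size();
    printf("header from comment line: %ld bytes (%zu 32-bit limbs)\n",
           (long)csize, limbs_for_bytes((size_t)csize, 4));
    printf("checked reader accepts it: %s\n",
           comment_line_accepted() == 0 ? "yes" : "no");
    return 0;
}
```

The check against `remaining` only works for in-memory input; for a stream, the policy cap is the check that matters, since a reader cannot know the stream length in advance.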

Related news

Red Hat Security Advisory 2024-1412-03

Red Hat Security Advisory 2024-1412-03 - An update for gmp is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow and integer overflow vulnerabilities.

Gentoo Linux Security Advisory 202309-13

Gentoo Linux Security Advisory 202309-13 - A buffer overflow vulnerability has been found in GMP which could result in denial of service. Versions greater than or equal to 6.2.1-r2 are affected.


Ubuntu Security Notice USN-5672-1

Ubuntu Security Notice 5672-1 - It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issue to cause applications using GMP to crash, resulting in a denial of service.
