Gentoo Linux Security Advisory 202309-13
Gentoo Linux Security Advisory 202309-13 - A buffer overflow vulnerability has been found in GMP which could result in denial of service. Versions greater than or equal to 6.2.1-r2 are affected.
Gentoo Linux Security Advisory GLSA 202309-13
https://security.gentoo.org/
Severity: Normal
Title: GMP: Buffer Overflow Vulnerability
Date: September 29, 2023
Bugs: #823804
ID: 202309-13
Synopsis
A buffer overflow vulnerability has been found in GMP which could result
in denial of service.
Background
The GNU Multiple Precision Arithmetic Library is a library for
arbitrary-precision arithmetic on different types of numbers.
Affected packages
Package        Vulnerable     Unaffected
------------   ------------   ------------
dev-libs/gmp   < 6.2.1-r2     >= 6.2.1-r2
Description
There is an integer overflow leading to a buffer overflow when
processing untrusted input via GMP’s mpz_inp_raw function.
Impact
Untrusted input can cause a denial of service via segmentation fault.
Workaround
Users can ensure no untrusted input is passed into GMP’s mpz_inp_raw
function.
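One way to apply this workaround when an upgrade cannot happen immediately, shown as an added example that is not part of the Gentoo advisory or of GMP itself: buffer the record first and check its size field before anything reaches mpz_inp_raw. It assumes the raw format documented for mpz_out_raw (a 4-byte big-endian size, negative for a negative value, followed by that many magnitude bytes); the function name mpz_raw_precheck and the limit MPZ_RAW_MAX_BYTES are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy limit: largest magnitude, in bytes, accepted from untrusted input. */
#define MPZ_RAW_MAX_BYTES 4096u

enum mpz_raw_check {
    MPZ_RAW_OK = 0,        /* header and payload are consistent and within policy */
    MPZ_RAW_SHORT_HEADER,  /* fewer than 4 bytes available */
    MPZ_RAW_TOO_LARGE,     /* declared size exceeds MPZ_RAW_MAX_BYTES */
    MPZ_RAW_TRUNCATED      /* declared size exceeds the bytes actually present */
};

/* Hypothetical helper: validate a buffered record in GMP raw integer format.
   On success, *total receives the record length (4-byte header + magnitude). */
enum mpz_raw_check mpz_raw_precheck(const unsigned char *buf, size_t len, size_t *total)
{
    if (buf == NULL || len < 4)
        return MPZ_RAW_SHORT_HEADER;

    /* Decode the big-endian size field without relying on host byte order. */
    uint32_t raw = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];

    /* Absolute value in unsigned arithmetic, so 0x80000000 cannot overflow. */
    uint32_t abs_size = (raw & 0x80000000u) ? (0u - raw) : raw;

    if (abs_size > MPZ_RAW_MAX_BYTES)
        return MPZ_RAW_TOO_LARGE;
    if ((size_t)abs_size > len - 4)
        return MPZ_RAW_TRUNCATED;

    if (total != NULL)
        *total = 4 + (size_t)abs_size;
    return MPZ_RAW_OK;
}

int main(void)
{
    /* Constructed sample records, not taken from any real input. */
    const unsigned char good[] = { 0x00, 0x00, 0x00, 0x02, 0x01, 0x00 };
    const unsigned char huge[] = { 0x80, 0x00, 0x00, 0x00 };
    size_t n = 0;
    printf("good: %d\n", mpz_raw_precheck(good, sizeof good, &n));
    printf("huge: %d\n", mpz_raw_precheck(huge, sizeof huge, &n));
    return 0;
}
```

Only records that return MPZ_RAW_OK should be handed on to mpz_inp_raw; the check limits exposure but does not replace the upgrade in the Resolution section.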
Resolution
All GMP users should upgrade to the latest version:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-libs/gmp-6.2.1-r2"
References
[ 1 ] CVE-2021-43618
https://nvd.nist.gov/vuln/detail/CVE-2021-43618
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202309-13
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Related news
Red Hat Security Advisory 2024-1412-03 - An update for gmp is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow and integer overflow vulnerabilities.
Ubuntu Security Notice 5672-1 - It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issue to cause applications using GMP to crash, resulting in a denial of service.
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.