#VU63553 Integer overflow


Published: 2022-05-24

Vulnerability identifier: #VU63553

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-43618

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
gmp
Other software / Other software solutions

Vendor: gmplib.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in mpz/inp_raw.c. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

gmp: 6.2.0 - 6.2.1


CPE

External links
http://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
http://bugs.debian.org/994405
http://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
http://lists.debian.org/debian-lts-announce/2021/12/msg00001.html


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability