Vulnerability CVE-2021-43618: Information
Description
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| gmp | sisyphus | 6.2.1-alt5 | 6.3.0-alt1 | ALT-PU-2022-3049-1 | 309797 | Fixed |
| gmp | sisyphus_e2k | 6.2.1-alt5 | 6.3.0-alt1 | ALT-PU-2022-7000-1 | - | Fixed |
| gmp | sisyphus_riscv64 | 6.2.1-alt5 | 6.3.0-alt1 | ALT-PU-2022-7007-1 | - | Fixed |
| gmp | p10 | 6.2.1-alt5 | 6.2.1-alt5 | ALT-PU-2022-3096-1 | 309809 | Fixed |
| gmp | p10_e2k | 6.2.1-alt5 | 6.2.1-alt5 | ALT-PU-2022-7096-1 | - | Fixed |
| gmp | c10f1 | 6.2.1-alt5 | 6.2.1-alt5 | ALT-PU-2022-3096-1 | 309809 | Fixed |
| gmp | c9f2 | 6.1.2-alt3.c9f2.1 | 6.1.2-alt3.c9f2.1 | ALT-PU-2022-2274-1 | 302419 | Fixed |
| gmp | p11 | 6.2.1-alt5 | 6.3.0-alt1 | ALT-PU-2022-3049-1 | 309797 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html |
|
| https://bugs.debian.org/994405 |
|
| https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e |
|
| [debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update |
|
| [oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type |
|
| 20221016 Re: over 2000 packages depend on abort()ing libgmp |
|
| https://security.netapp.com/advisory/ntap-20221111-0001/ |
|
| GLSA-202309-13 |