CVE-2021-43618
Published: 15 November 2021
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
Priority
Low
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
gmp Launchpad, Ubuntu, Debian |
Upstream |
Released
(2:6.2.1+dfsg-3)
|
| Ubuntu 21.10 (Impish Indri) |
Needed
|
|
| Ubuntu 21.04 (Hirsute Hippo) |
Ignored
(reached end-of-life)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Needed
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Needs triage
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Needs triage
|
|
|
Patches: Upstream: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e |
||
Notes
| Author | Note |
|---|---|
| sbeattie | reproducer in debian bug report |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43618
- https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
- NVD
- Launchpad
- Debian