Vulnerability Details CVE-2023-36328
Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.7%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/libtom/libtommath/pull/546
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3H2PFUTBKQUDSOJXQQS7LUSZQWT3JTW2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46GORAXZ34MHQNUGJBKS7PJ5NSMIAJGC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ZUPWZGPFJ4JOI2NIP7YLRKZD5YXQTBK/
- https://github.com/libtom/libtommath/pull/546
- https://lists.debian.org/debian-lts-announce/2024/09/msg00011.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3H2PFUTBKQUDSOJXQQS7LUSZQWT3JTW2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46GORAXZ34MHQNUGJBKS7PJ5NSMIAJGC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6ZUPWZGPFJ4JOI2NIP7YLRKZD5YXQTBK/
Products affected by CVE-2023-36328
-
cpe:2.3:a:libtom:libtommath:-
-
cpe:2.3:a:libtom:libtommath:0.01
-
cpe:2.3:a:libtom:libtommath:0.02
-
cpe:2.3:a:libtom:libtommath:0.03
-
cpe:2.3:a:libtom:libtommath:0.04
-
cpe:2.3:a:libtom:libtommath:0.05
-
cpe:2.3:a:libtom:libtommath:0.06
-
cpe:2.3:a:libtom:libtommath:0.07
-
cpe:2.3:a:libtom:libtommath:0.08
-
cpe:2.3:a:libtom:libtommath:0.09
-
cpe:2.3:a:libtom:libtommath:0.10
-
cpe:2.3:a:libtom:libtommath:0.11
-
cpe:2.3:a:libtom:libtommath:0.12
-
cpe:2.3:a:libtom:libtommath:0.13
-
cpe:2.3:a:libtom:libtommath:0.14
-
cpe:2.3:a:libtom:libtommath:0.15
-
cpe:2.3:a:libtom:libtommath:0.16
-
cpe:2.3:a:libtom:libtommath:0.17
-
cpe:2.3:a:libtom:libtommath:0.18
-
cpe:2.3:a:libtom:libtommath:0.19
-
cpe:2.3:a:libtom:libtommath:0.20
-
cpe:2.3:a:libtom:libtommath:0.21
-
cpe:2.3:a:libtom:libtommath:0.22
-
cpe:2.3:a:libtom:libtommath:0.23
-
cpe:2.3:a:libtom:libtommath:0.24
-
cpe:2.3:a:libtom:libtommath:0.25
-
cpe:2.3:a:libtom:libtommath:0.26
-
cpe:2.3:a:libtom:libtommath:0.27
-
cpe:2.3:a:libtom:libtommath:0.28
-
cpe:2.3:a:libtom:libtommath:0.29
-
cpe:2.3:a:libtom:libtommath:0.30
-
cpe:2.3:a:libtom:libtommath:0.31
-
cpe:2.3:a:libtom:libtommath:0.32
-
cpe:2.3:a:libtom:libtommath:0.33
-
cpe:2.3:a:libtom:libtommath:0.34
-
cpe:2.3:a:libtom:libtommath:0.35
-
cpe:2.3:a:libtom:libtommath:0.36
-
cpe:2.3:a:libtom:libtommath:0.37
-
cpe:2.3:a:libtom:libtommath:0.38
-
cpe:2.3:a:libtom:libtommath:0.39
-
cpe:2.3:a:libtom:libtommath:0.40
-
cpe:2.3:a:libtom:libtommath:0.41
-
cpe:2.3:a:libtom:libtommath:0.42.0
-
cpe:2.3:a:libtom:libtommath:0.43.0
-
cpe:2.3:a:libtom:libtommath:1.0.0
-
cpe:2.3:a:libtom:libtommath:1.0.1
-
cpe:2.3:a:libtom:libtommath:1.1.0
-
cpe:2.3:a:libtom:libtommath:1.2.0
-
cpe:2.3:o:fedoraproject:fedora:37
-
cpe:2.3:o:fedoraproject:fedora:38
-
cpe:2.3:o:fedoraproject:fedora:39