Vulnerability roundup 108: gmp-4.3.2: 1 advisory [7.5]

NixOS / nixpkgs

Nix Packages collection & NixOS

MIT License

18.3k stars 14.27k forks source link

Vulnerability roundup 108: gmp-4.3.2: 1 advisory [7.5] #147873

Open ckauhaus opened 2 years ago

ckauhaus commented 2 years ago

search, files

[ ] CVE-2021-43618 CVSSv3=7.5 (nixos-21.05, nixos-unstable)

CVE details

CVE-2021-43618

GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.

Scanned versions: nixos-21.05: 4f37689c8a2; nixos-unstable: 942eb9a335b.

tomodachi94 commented 1 month ago

Patched later by https://github.com/NixOS/nixpkgs/pull/149488, but 4.3.1 is still vulnerable.