Package gmp updated to version 6.2.1-alt5 for branch p10 in task 309809.

Published: 2021-09-15

BDU:2022-05776

Уязвимость компонента mpz/inp_raw.c библиотеки арифметических операций GMP на 32-разрядных платформах, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2021-43618

Published: 2021-11-15
Modified: 2024-11-21

CVE-2021-43618

GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

20221016 Re: over 2000 packages depend on abort()ing libgmp
20221016 Re: over 2000 packages depend on abort()ing libgmp
[oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type
[oss-security] 20221013 Re: sagemath denial of service with abort() in gmp: overflow in mpz type
https://bugs.debian.org/994405
https://bugs.debian.org/994405
https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
[debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update
[debian-lts-announce] 20211202 [SECURITY] [DLA 2837-1] gmp security update
GLSA-202309-13
GLSA-202309-13
https://security.netapp.com/advisory/ntap-20221111-0001/
https://security.netapp.com/advisory/ntap-20221111-0001/

Version: 2.1.0

Package gmp update in p10 on 2022-11-17

ALT-PU-2022-3096-1

Closed vulnerabilities

BDU:2022-05776

CVE-2021-43618