CVE-2023-36328: Integer Overflow or Wraparound in Libtommath

Severity

9.8 CRITICAL (NVD)
NVD 6.5
EPSS: 0.5% (top 33.28%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline

Published: Sep 1, 2023
Latest update: Jul 16, 2025

Description

Integer overflow in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 allows attackers to execute arbitrary code or cause a denial of service (DoS). The fix is in release 1.2.1. mp_grow is the routine every multiplication, shift and addition calls to enlarge an mp_int's digit buffer; its size argument is an int, and a request that has wrapped in int arithmetic is either ignored (negative) or honoured as a far smaller allocation than the caller expects, so the digit writes that follow run past the buffer. That heap corruption is the source of both impacts in the CVSS vector; the CVSS rating assumes the big-number operands are attacker-controlled, which depends on the embedding application.
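The record names the function but not the mechanism. What follows is an added illustration, not libtommath's own code: a minimal model of an mp_int digit buffer, a grow routine whose only guard is the pre-fix `alloc < size` comparison, a bounded variant of the shape the fix takes, and a caller that sizes a left shift with overflow-checked int arithmetic instead of letting the addition wrap. The digit width, the value of `MP_MAX_DIGIT_COUNT`, the error codes and every function name are assumptions of this example; the project's exact constants, and which callers were reachable, are not stated on this page.

```c
/* Added example: model of libtommath's digit-buffer growth, pre-fix and
 * bounded. Not the project's code; struct layout, constants and names are
 * this example's own assumptions. */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint64_t mp_digit;
#define MP_DIGIT_BIT 60   /* assumption: digit width of a 64-bit build */

enum { MP_OKAY = 0, MP_MEM = -2, MP_VAL = -3 };   /* assumed error codes */

typedef struct {
    int used;        /* digits in use */
    int alloc;       /* digits allocated */
    mp_digit *dp;
} mp_int;

/* Largest digit count for which bit counts (digits * MP_DIGIT_BIT, carried in
 * an int throughout the library) cannot overflow. The shape is assumed to
 * follow the bound the fix introduces; the project's exact constant may differ. */
#define MP_MAX_DIGIT_COUNT ((INT_MAX - 2) / MP_DIGIT_BIT)

/* Pre-fix shape (assumed from the 1.2.0 code): trust the caller's size. The only
 * guard is alloc < size, so a request that wrapped negative in the caller is
 * silently ignored and the caller then writes past a->alloc; a request that
 * wrapped to a small positive value yields an undersized buffer, same effect. */
int mp_grow_unchecked(mp_int *a, int size)
{
    if (a->alloc < size) {
        mp_digit *tmp = realloc(a->dp, (size_t)size * sizeof(mp_digit));
        if (tmp == NULL) return MP_MEM;
        /* zero the newly added digits */
        memset(tmp + a->alloc, 0, (size_t)(size - a->alloc) * sizeof(mp_digit));
        a->dp = tmp;
        a->alloc = size;
    }
    return MP_OKAY;
}

/* Post-fix shape: refuse anything outside [0, MP_MAX_DIGIT_COUNT] before the
 * size is ever multiplied into a byte count. */
int mp_grow_checked(mp_int *a, int size)
{
    if (size < 0 || size > MP_MAX_DIGIT_COUNT) return MP_VAL;
    return mp_grow_unchecked(a, size);
}

/* How a shift-left by b bits sizes its result: used + b / MP_DIGIT_BIT + 1
 * digits. Returns false instead of letting the int addition wrap, so a wrapped
 * value never reaches mp_grow in the first place. */
bool digits_needed_for_shift(int used, int b, int *out)
{
    if (used < 0 || b < 0) return false;
    int extra = b / MP_DIGIT_BIT + 1;
    if (used > INT_MAX - extra) return false;   /* used + extra would wrap */
    *out = used + extra;
    return true;
}

/* Stand-alone driver: a normal grow succeeds, a near-INT_MAX shift request is
 * refused before it reaches mp_grow, and the bound check refuses a digit count
 * the unchecked routine would hand straight to realloc. */
int main(void)
{
    mp_int a = { 0, 0, NULL };
    int need;

    if (!digits_needed_for_shift(2, 200, &need)) return 1;      /* 2 + 3 + 1 = 6 */
    if (mp_grow_checked(&a, need) != MP_OKAY) return 1;

    if (digits_needed_for_shift(INT_MAX - 1, 120, &need)) return 1;   /* must refuse */

    if (mp_grow_checked(&a, MP_MAX_DIGIT_COUNT + 1) != MP_VAL) return 1;

    free(a.dp);
    return 0;
}
```

The point of the two layers is that the bound in the grow routine is a backstop: it catches a wrapped size only when the wrap lands above the limit or below zero, so callers that compute sizes from attacker-influenced bit counts still need the checked addition shown in `digits_needed_for_shift`.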

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (13 packages)

NVD: libtom/libtommath < 1.2.1
Debian: debian/libtommath < libtommath 1.2.0-6+deb12u1 (bookworm)
Debian: libtom/libtommath < 1.2.0-6+deb11u1+3

Also affects: Fedora 37, 38, 39

Patches

Vulnerability Details (4)

GHSA: GHSA-x86q-3xjx-wg89: Net::Dropbear versions through 0… (2025-07-16)
OSV: CVE-2025-40914: Perl CryptX before version 0… (2025-06-11)
GHSA: GHSA-j3xv-6967-cv88: Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arb… (2023-09-01)
OSV: CVE-2023-36328: Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arb… (2023-09-01)

Vendor Advisories (5)

Debian: CVE-2025-40914: libcryptx-perl - Perl CryptX before version 0.087 contains a dependency that may be susceptible t… (2025)
Ubuntu: LibTomMath vulnerability (2023-11-27)
Ubuntu: LibTomMath vulnerability (2023-10-02)
Microsoft: Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 allows attackers to execute arbitrary code and cause a denial of service (DoS). (2023-09-12)
Debian: CVE-2023-36328: libtommath - Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beb… (2023)
CVE-2023-36328 — Integer Overflow or Wraparound | cvebase