CVE-2023-36328
published 2023-09-01

Priority: P345, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.25% (65.8th percentile)

Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).

Affected

19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libcryptx-perl | < libcryptx-perl 0.087-1 (forky) | libcryptx-perl 0.087-1 (forky) |
| debian | libtommath | < libtommath 1.2.0-6+deb12u1 (bookworm) | libtommath 1.2.0-6+deb12u1 (bookworm) |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| libtom | libtommath | < 1.2.1 | 1.2.1 |
| libtom | libtommath | >= 0 < 1.2.0-6+deb11u1 | 1.2.0-6+deb11u1 |
| libtom | libtommath | >= 0 < 1.2.0-6+deb12u1 | 1.2.0-6+deb12u1 |
| libtom | libtommath | >= 0 < 1.2.1-1 | 1.2.1-1 |
| libtom | libtommath | >= 0 < 1.2.1-1 | 1.2.1-1 |
| mik | cryptx | 0.002 – 0.086 | |
| msrc | azl3_libtommath_1.1.0-5_on_azure_linux_3.0 | | |
| msrc | azl3_tcl_8.6.13-3_on_azure_linux_3.0 | | |
| msrc | azure_linux_3.0_arm | | |
| msrc | azure_linux_3.0_x64 | | |
| msrc | cbl2_libtommath_1.1.0-5_on_cbl_mariner_2.0 | | |
| msrc | cbl2_tcl_8.6.13-2_on_cbl_mariner_2.0 | | |
| msrc | cbl_mariner_2.0_arm | | |
| msrc | cbl_mariner_2.0_x64 | | |

CVSS provenance

nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL
vendor_debian: 9.8 CRITICAL
vendor_msrc: 9.8 CRITICAL