CVE-2024-50610 — Integer Overflow or Wraparound in Scientific Library

CWE-190 — Integer Overflow or Wraparound5 documents5 sources

Severity

3.6LOWNVD

EPSS

0.0%

top 88.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian GSL GNU Scientific Library

Timeline

PublishedOct 27

Latest updateOct 28

Description

GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_siman_solve_many in siman/siman.c. When params.n_tries is negative, incorrect memory allocation occurs.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 1.0 | Impact: 2.5

Affected Packages2 packages

▶NVDgnu/gnu_scientific_library2.8

▶debiandebian/gsl< gsl 2.8+dfsg-4 (forky)

🔴Vulnerability Details

GHSA

GHSA-pj8w-xcg3-82vx: GSL (GNU Scientific Library) through 2↗2024-10-28

▶

OSV

CVE-2024-50610: GSL (GNU Scientific Library) through 2↗2024-10-27

▶

📋Vendor Advisories

Red Hat

gsl: integer overflow in gsl/siman/siman.c↗2024-10-27

▶

Debian

CVE-2024-50610: gsl - GSL (GNU Scientific Library) through 2.8 has an integer signedness error in gsl_...↗2024

▶