Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAGUWgD-qOonOY_MakeWtotx4mC6KXsg1zLOo9zzx6DKtdaXLsg@mail.gmail.com>
Date: Thu, 13 Oct 2022 08:43:15 +0300
From: Georgi Guninski <gguninski@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: sagemath denial of service with abort() in gmp:
 overflow in mpz type

On Tue, Sep 6, 2022 at 7:17 PM Russ Allbery <eagle@...ie.org> wrote:
>
>
> I would only call it a DoS if it crosses a privilege boundary.  A user can
> always DoS themselves; that's just Ctrl-C.  :)
>
Observe that ubuntu issue advisory about libgmp crash
without mentioning potential exploitability.

quote:
https://ubuntu.com/security/notices/USN-5672-1

Details
12 October 2022

It was discovered that GMP did not properly manage memory
on 32-bit platforms when processing a specially crafted
input. An attacker could possibly use this issue to cause
applications using GMP to crash, resulting in a denial of
service.

References
CVE-2021-43618

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.