libtommath: Fix possible integer overflow CVE-2023-36328

Cherry picked from libtommath 7bbc1f8e4fe6dce75055957645117180768efb15.

Vulnerability Detail:
  CVE Identifier: CVE-2023-36328
  Description: Integer Overflow vulnerability in mp_grow in libtom
    libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9,
    allows attackers to execute arbitrary code and cause a denial of
    service (DoS).
  Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-36328

Reported-by: https://github.com/Crispy-fried-chicken
czurnieden
2024-09-10 08:51:41 -04:00
committed by Jeffrey Altman
parent 614bc16130
commit fd2d434dd3
8 changed files with 33 additions and 0 deletions

@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c)
mp_digit d;
mp_err err;
if (b < 0) {
return MP_VAL;
}
/* copy */
if (a != c) {
if ((err = mp_copy(a, c)) != MP_OKAY) {
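Review bot: The new `b < 0` guard at the top of mp_mul_2d bounds the shift count only from below and has no comment saying why negative counts are rejected. Returning MP_VAL before the `mp_copy(a, c)` step is the right placement, since c is left untouched on rejection; a short comment above the check would record that intent. The hunk does not show how a large positive b is handled after the copy, so please confirm that any later code deriving a digit count from b cannot overflow for values near INT_MAX, and add a regression test asserting that mp_mul_2d(a, -1, c) returns MP_VAL and leaves c unchanged.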