Date: Thu, 13 Oct 2022 08:43:15 +0300 From: Georgi Guninski <gguninski@...il.com> To: oss-security@...ts.openwall.com Subject: Re: sagemath denial of service with abort() in gmp: overflow in mpz type On Tue, Sep 6, 2022 at 7:17 PM Russ Allbery <eagle@...ie.org> wrote: > > > I would only call it a DoS if it crosses a privilege boundary. A user can > always DoS themselves; that's just Ctrl-C. :) > Observe that ubuntu issue advisory about libgmp crash without mentioning potential exploitability. quote: https://ubuntu.com/security/notices/USN-5672-1 Details 12 October 2022 It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issue to cause applications using GMP to crash, resulting in a denial of service. References CVE-2021-43618
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.