GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2022/Oct/8 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2022/10/13/3 | Mailing List Third Party Advisory |
https://bugs.debian.org/994405 | Mailing List Third Party Advisory |
https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html | Exploit Third Party Advisory |
https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202309-13 | |
https://security.netapp.com/advisory/ntap-20221111-0001/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
29 Sep 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Dec 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221111-0001/ - Third Party Advisory | |
First Time |
Netapp active Iq Unified Manager
Netapp h500s Netapp h700s Netapp h700s Firmware Netapp h410c Firmware Netapp Netapp h410s Netapp h300s Netapp h300s Firmware Netapp h500s Firmware Netapp h410c Netapp h410s Firmware |
14 Nov 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Nov 2022, 03:41
Type | Values Removed | Values Added |
---|---|---|
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Oct/8 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/10/13/3 - Mailing List, Third Party Advisory |
17 Oct 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Oct 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Dec 2021, 18:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html - Mailing List, Third Party Advisory |
02 Dec 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Nov 2021, 21:07
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-190 | |
CPE | cpe:2.3:a:gmplib:gmp:*:*:*:*:*:*:x86:* | |
References | (MISC) https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e - Patch, Third Party Advisory | |
References | (MISC) https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html - Exploit, Third Party Advisory | |
References | (MISC) https://bugs.debian.org/994405 - Mailing List, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
15 Nov 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-15 04:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-43618
Mitre link : CVE-2021-43618
CVE.ORG link : CVE-2021-43618
JSON object : View
Products Affected
gmplib
- gmp
debian
- debian_linux
netapp
- h700s_firmware
- h700s
- h300s_firmware
- h410c
- h410s
- active_iq_unified_manager
- h500s_firmware
- h410s_firmware
- h500s
- h410c_firmware
- h300s
CWE
CWE-190
Integer Overflow or Wraparound