Описание
Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libcryptx-perl | unfixed | package | ||
| libcryptx-perl | no-dsa | bookworm | package | |
| libcryptx-perl | postponed | bullseye | package |
Примечания
https://lists.security.metacpan.org/cve-announce/msg/30332012/
https://github.com/libtom/libtommath/pull/546
https://github.com/DCIT/perl-CryptX/security/advisories/GHSA-6fh3-7qjq-8v22
CVE exists because CryptX embeds a version of the libtommath library that is
susceptible to an integer overflow associated with CVE-2023-36328.
EPSS
Связанные уязвимости
Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.
Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.
EPSS