Description
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.
Statement
Exploitation is only possible on 32-bit systems. The susceptible GMP package is not tethered to the network stack, so it can only be exploited via a file already on the local system. This can be achieved either by the attacker gaining local login credentials or, alternatively, by tricking a user into loading and then executing a malicious file. For these combined reasons, Red Hat Product Security rates the impact as Moderate.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | gmp | Out of support scope | | |
Red Hat Enterprise Linux 7 | gmp | Out of support scope | | |
Red Hat Enterprise Linux 8 | gmp | Fixed | RHSA-2024:3214 | 22.05.2024 |
Red Hat Enterprise Linux 8.6 Extended Update Support | gmp | Fixed | RHSA-2024:1102 | 05.03.2024 |
Red Hat Enterprise Linux 8.8 Extended Update Support | gmp | Fixed | RHSA-2024:1412 | 19.03.2024 |
Red Hat Enterprise Linux 9 | gmp | Fixed | RHSA-2023:6661 | 07.11.2023 |
RHOL-5.6-RHEL-8 | openshift-logging/cluster-logging-operator-bundle | Fixed | RHSA-2024:2092 | 01.05.2024 |
RHOL-5.6-RHEL-8 | openshift-logging/cluster-logging-rhel8-operator | Fixed | RHSA-2024:2092 | 01.05.2024 |
RHOL-5.6-RHEL-8 | openshift-logging/elasticsearch6-rhel8 | Fixed | RHSA-2024:2092 | 01.05.2024 |
Additional information
CVSS3: 6.2 Medium