Public Git Hosting - heimdal.git/commit

commit	fd2d434dd375c402d803e6f948cfc6e257d3facc
author	czurnieden <czurnieden@gmx.de>
	Tue, 10 Sep 2024 12:51:41 +0000 (10 08:51 -0400)
committer	Jeffrey Altman <jaltman@auristor.com>
	Tue, 10 Sep 2024 13:00:32 +0000 (10 09:00 -0400)
tree	658c3ceb3ff46fa2feef631e234a2be1505c9d69	tree \| snapshot (tar.gz zip)
parent	614bc1613064bd1c115aed8528922fa985038369	commit \| diff

libtommath: Fix possible integer overflow CVE-2023-36328

Cherry picked from libtommath 7bbc1f8e4fe6dce75055957645117180768efb15.

Vulnerability Detail:
  CVE Identifier: CVE-2023-36328
  Description: Integer Overflow vulnerability in mp_grow in libtom
    libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9,
    allows attackers to execute arbitrary code and cause a denial of
    service (DoS).
  Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-36328

Reported-by: https://github.com/Crispy-fried-chicken

lib/hcrypto/libtommath/bn_mp_2expt.c		diff \| blob \| blame \| history
lib/hcrypto/libtommath/bn_mp_grow.c		diff \| blob \| blame \| history
lib/hcrypto/libtommath/bn_mp_init_size.c		diff \| blob \| blame \| history
lib/hcrypto/libtommath/bn_mp_mul_2d.c		diff \| blob \| blame \| history
lib/hcrypto/libtommath/bn_s_mp_mul_digs.c		diff \| blob \| blame \| history
lib/hcrypto/libtommath/bn_s_mp_mul_digs_fast.c		diff \| blob \| blame \| history
lib/hcrypto/libtommath/bn_s_mp_mul_high_digs.c		diff \| blob \| blame \| history
lib/hcrypto/libtommath/bn_s_mp_mul_high_digs_fast.c		diff \| blob \| blame \| history