Advisory Database
  • Advisories
  • Dependency Scanning
  1. conan
  2. ›
  3. libtommath
  4. ›
  5. CVE-2023-36328

CVE-2023-36328: Integer Overflow or Wraparound

September 1, 2023 (updated September 16, 2025)

Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).

References

  • github.com/libtom/libtommath/pull/546
  • lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3H2PFUTBKQUDSOJXQQS7LUSZQWT3JTW2/
  • nvd.nist.gov/vuln/detail/CVE-2023-36328

Code Behaviors & Features

Detect and mitigate CVE-2023-36328 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 1.2.1

Fixed versions

  • 1.2.1

Solution

Upgrade to version 1.2.1 or later.

Impact 9.8 CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Learn more about CVSS

Weakness

  • CWE-190: Integer Overflow or Wraparound

Source file

conan/libtommath/CVE-2023-36328.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Mon, 22 Sep 2025 12:17:57 +0000.