Primary

Context

Net::Dropbear Integer Overflow Vulnerability in LibTomMath Library

Vulnerability

Patched

A critical integer overflow vulnerability has been identified in Net::Dropbear versions through 0.16 for Perl. This vulnerability arises from an embedded version of the LibTomMath library, which is susceptible to an integer overflow in the 'mp_grow' function. The flaw allows attackers to execute arbitrary code and cause a denial-of-service condition.

Impact

Exploitation of this vulnerability could lead to arbitrary code execution and the introduction of a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by using Net::Dropbear versions through 0.16 for Perl. The integer overflow occurs in the 'mp_grow' function of the embedded LibTomMath library, where a negative size argument can be passed, leading to improper memory allocation and potential code execution.

Remediation

Users can upgrade to Net::Dropbear versions 1.2.1 or later, which includes the necessary patch to address this vulnerability.

Added: Jul 16, 2025, 3:13 PM

Updated: Jul 16, 2025, 3:13 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

7.5

exploitability

5.7

remediation

7.7

relevance

0.2

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

7.5

exploitability

5.7

remediation

7.7

relevance

0.2

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Net::Dropbear Integer Overflow Vulnerability in LibTomMath Library

Vulnerability

Impact

Reproduction

Remediation

Affected Products

libtom libtommath

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating