Perl CryptX Integer Overflow Vulnerability in Embedded LibTomMath Library

Vulnerability

An integer overflow vulnerability affects Perl CryptX versions prior to 0.087 (tracked as CVE-2025-40914). The flaw is not in CryptX's own Perl or XS code: CryptX ships and compiles its own copy of the LibTomMath multiple-precision integer library, and the copy bundled in releases before 0.087 predates the upstream fix for CVE-2023-36328, an integer overflow in the 'mp_grow' function, which enlarges a big integer's digit buffer. Because mp_grow did not bound the requested digit count, an overflowed count could leave the buffer smaller than later code assumes. This is a heap memory-safety defect, and upstream describes its consequences as denial of service and potentially arbitrary code execution.

Impact

Successful exploitation corrupts heap memory inside the embedded LibTomMath. The immediate, reliable effect is a crash of the Perl process (denial of service); because the corrupted object is a big-integer digit buffer used in cryptographic computations, upstream also rates arbitrary code execution as possible. Exposure is greatest where CryptX performs big-integer arithmetic on attacker-influenced values, for example public-key operations on untrusted keys, signatures or ciphertexts.

Reproduction

Reproducing the issue requires a CryptX build earlier than 0.087, since those releases bundle the unpatched LibTomMath sources. The defect is in how mp_grow handles the requested digit count, which is an int: the pre-fix code did not check the request against an upper bound, so a count that has overflowed (becoming negative, or wrapping after further arithmetic) is either treated as "already large enough" or turned into a bogus allocation size instead of being rejected. Patched LibTomMath enforces a maximum digit count and returns an MP_OVF error for larger requests. The overflow is reached through arithmetic on operands large enough for the computed digit count to leave the int range; this page does not document a concrete Perl-level trigger.
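To make the class of bug in the Vulnerability and Reproduction sections concrete, the following is an added example written for this page; it is a constructed model, not LibTomMath's or CryptX's code, and every name in it (digit_t, bignum, PREC, MAX_DIGITS, vuln_grow, safe_grow) is hypothetical. It shows a grow routine that trusts its requested digit count beside one that bounds the request before doing any arithmetic on it, which is the shape of the upstream fix.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a multi-precision integer: 'used' digits are valid,
 * 'alloc' digits are actually allocated in 'dp'. All names are hypothetical. */
typedef uint64_t digit_t;
#define PREC 32                    /* growth granularity (hypothetical constant) */
#define MAX_DIGITS (INT_MAX / 8)   /* hard cap enforced by the hardened grow (hypothetical) */
#define ERR_MEM (-1)
#define ERR_OVF (-2)

typedef struct { int used; int alloc; digit_t *dp; } bignum;

/* Growth policy of the vulnerable variant: round 'size' up to a multiple of PREC
 * and add slack. Done in unsigned arithmetic and converted back so the wrap is
 * deterministic here; the same expression on signed ints is undefined behaviour. */
int vuln_rounded_size(int size) {
    unsigned u = (unsigned)size + (unsigned)(PREC * 2 - size % PREC);
    return (int)u;   /* negative once size is within 2*PREC of INT_MAX */
}

/* Vulnerable grow: trusts 'size' completely. Two failure modes:
 *  - a negative 'size' (e.g. used_a + used_b wrapped in the caller) fails the
 *    'alloc < size' test, so the call reports success without enlarging the buffer;
 *  - a huge positive 'size' wraps in the rounding step and reaches realloc as a
 *    bogus byte count (undersized buffer on 32-bit targets, ENOMEM on 64-bit). */
int vuln_grow(bignum *a, int size) {
    if (a->alloc < size) {
        size = vuln_rounded_size(size);
        digit_t *tmp = realloc(a->dp, (size_t)size * sizeof(digit_t));
        if (!tmp) return ERR_MEM;
        a->dp = tmp;
        a->alloc = size;
    }
    return 0;
}

/* Hardened grow: reject out-of-range requests before any arithmetic on them. */
int safe_grow(bignum *a, int size) {
    if (size < 0 || size > MAX_DIGITS) return ERR_OVF;
    if (a->alloc < size) {
        int rounded = size + (PREC * 2 - size % PREC);  /* cannot overflow: size <= MAX_DIGITS */
        digit_t *tmp = realloc(a->dp, (size_t)rounded * sizeof(digit_t));
        if (!tmp) return ERR_MEM;
        memset(tmp + a->alloc, 0, (size_t)(rounded - a->alloc) * sizeof(digit_t));
        a->dp = tmp;
        a->alloc = rounded;
    }
    return 0;
}

/* Callers must compute digit counts with overflow checks as well: a product of
 * two numbers needs used_a + used_b digits. Returns -1 if the sum would overflow. */
int digits_for_product(int used_a, int used_b) {
    if (used_a < 0 || used_b < 0 || used_a > INT_MAX - used_b) return -1;
    return used_a + used_b;
}

/* Scenario: a caller's digit count wrapped negative. Returns the allocated digit
 * count after vuln_grow reported success: still 8, i.e. no growth happened. */
int scenario_vuln_negative_request(void) {
    bignum a = { 0, 8, calloc(8, sizeof(digit_t)) };
    int rc = vuln_grow(&a, -5);
    int alloc_after = a.alloc;
    free(a.dp);
    return rc == 0 ? alloc_after : rc;
}

/* Scenario: same request against the hardened grow. Returns the resulting
 * allocation, or the error code if the request was rejected. */
int scenario_safe_grow_alloc(int request) {
    bignum a = { 0, 8, calloc(8, sizeof(digit_t)) };
    int rc = safe_grow(&a, request);
    int alloc_after = a.alloc;
    free(a.dp);
    return rc == 0 ? alloc_after : rc;
}

int main(void) {
    printf("vuln rounded(INT_MAX-5) = %d\n", vuln_rounded_size(INT_MAX - 5));
    printf("vuln_grow(-5): alloc after 'success' = %d\n", scenario_vuln_negative_request());
    printf("safe_grow(INT_MAX-5) -> %d\n", scenario_safe_grow_alloc(INT_MAX - 5));
    printf("safe_grow(100) -> alloc %d\n", scenario_safe_grow_alloc(100));
    printf("digits_for_product(INT_MAX, 1) -> %d\n", digits_for_product(INT_MAX, 1));
    return 0;
}
```

The two checks in safe_grow (sign and cap) are the whole fix: once the request is known to be small, the rounding arithmetic and the byte-count multiplication cannot overflow, and callers that compute digit counts from operand sizes get an explicit error instead of a silently undersized buffer.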

Remediation

Upgrade CryptX itself to version 0.087 or later, which bundles LibTomMath sources carrying the upstream fix. Because CryptX compiles its own embedded copy of LibTomMath, updating a system libtommath package does not address this issue; the Perl module must be rebuilt from the new release (for example with cpanm CryptX or the distribution's packaged update). The installed version can be confirmed with perl -MCryptX -e 'print "$CryptX::VERSION\n"'; anything below 0.087 is affected. Applications that vendor or statically bundle CryptX must be rebuilt and redeployed. Instructions for upgrading can be found in the Perl CryptX documentation.

Added: Jun 11, 2025, 2:20 PM
Updated: Jun 11, 2025, 3:33 PM

Vulnerability Rating

Custom Algorithm

metric          score
spread          2.4
impact          7.5
exploitability  5.7
remediation     0.0
relevance       0.2
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.