CVE-2026-48863

A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processin...

MiracleLinux 8 : firefox-128.14.0-2.el8_10.ML.1 (AXSA:2025-10786:30)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10786:30 advisory. firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component CVE-2025-9182 thunderbird: firefox: Sandbox escap...

CVE-2025-9179 Sandbox escape due to invalid pointer in the Audio/Video: GMP component

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14,...

SUSE CVE-2008-4551

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service daemon crash via an IKESAINIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpzexport function in the GNU Multiprecision...

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.

...

USN-5672-1: GMP vulnerability

It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issue to cause applications using GMP to crash, resulting in a denial of service...

AZL-6444 CVE-2021-43618 affecting package gmp for versions less than 6.2.1-2

GNU Multiple Precision Arithmetic Library GMP through 6.2.1 has an mpz/inpraw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms...

[SECURITY] Fedora 35 Update: python-mpmath-1.2.1-2.fc35

Mpmath is a pure-Python library for multiprecision floating-point arithmetic. It provides an extensive set of transcendental functions, unlimited exponent sizes, complex numbers, interval arithmetic, numerical integration and differentiation, root-finding, linear algebra, and much more. Almost an...

Fedora: Security Advisory for python-mpmath (FEDORA-2021-fc30c0de34)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 34 Update: python-mpmath-1.2.1-2.fc34

Mpmath is a pure-Python library for multiprecision floating-point arithmetic. It provides an extensive set of transcendental functions, unlimited exponent sizes, complex numbers, interval arithmetic, numerical integration and differentiation, root-finding, linear algebra, and much more. Almost an...

ALPINE-CVE-2018-17540

The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a crafted certificate...

Multiple issues in OpenSSL - BN (multiprecision integer arithmetics).

General info: ============= The bn multiprecision integer arithmetics part of the OpenSSL library is prone to null ptr deref, off-by-one and others resulting in DoS/crashes. Versions tested were between 0.9.8k and 1.0.1e. We were too lazcough busy to prepare the fancy table, sorry guys. Some PoC...

DEBIAN-CVE-2008-4551

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service daemon crash via an IKESAINIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpzexport function in the GNU Multiprecision...

CVE-2008-4551

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service daemon crash via an IKESAINIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpzexport function in the GNU Multiprecision...

Null pointer dereference

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service daemon crash via an IKESAINIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpzexport function in the GNU Multiprecision...

CVE-2008-4551

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service daemon crash via an IKESAINIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpzexport function in the GNU Multiprecision...

CVE-2008-4551

strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service daemon crash via an IKESAINIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpzexport function in the GNU Multiprecision...