| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGUWgD8Jb9OcFz2WogScpPKQnF9hjj0Yf9wq6f3QAcqM-02_gA@mail.gmail.com>
Date: Wed, 14 Sep 2022 14:44:39 +0300
From: Georgi Guninski <gguninski@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] over 2000 packages depend on abort()ing libgmp
ping world
libgmp is library about big numbers.
it is not a library for very big numbers, because
if libgmp meets a very big number, it calls abort()
and coredumps.
2442 packages depend on libgmp on ubuntu20.
guest3@...ntu20:~/prim$ apt-cache rdepends libgmp10 | wc -l
2442
gawk crash:
guest3@...ntu20:~/prim$ gawk --bignum 'BEGIN { a = 2 ^ 2 ^41; print "a =", a }'
gmp: overflow in mpz type
Aborted (core dumped)
guest3@...ntu20:~/prim$ gawk 'BEGIN { a = 2 ^ 2 ^41; print "a =", a }'
a = +inf
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists