
Fix potential vulnerable cloned function

Open npt-1707 opened this issue 7 months ago • 3 comments

Hi Development Team,

I identified a potential integer overflow in the clone functions in files under extern/libtommath, sourced from libtom/libtommath. This issue, originally reported as CVE-2023-36328, was resolved upstream via this commit: https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9.

This PR applies the corresponding patch to fix the vulnerability in this codebase.

Please review at your convenience. Thank you!

npt-1707 avatar May 21 '25 22:05 npt-1707

@AlexPeshkoff should it be merged or were there any reasons to postpone it?

dyemanov avatar Oct 06 '25 13:10 dyemanov

@AlexPeshkoff should it be merged or were there any reasons to postpone it?

The only reason not to merge: our code never calls tommath functions in a wrong way, like with a negative number of digits. On the other hand, the changes are absolutely safe. What do you think: do we need such a fix, or maybe just switch to a fresh tommath version?

AlexPeshkoff avatar Oct 06 '25 14:10 AlexPeshkoff
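As an added illustration for the PR description and the "negative number of digits" remark above (a constructed mock, not libtommath's or Firebird's code), a bignum grow/clone pair that validates the requested digit count before the padding arithmetic and allocation; DIGIT_PREC, MAX_DIGITS and all function names are assumptions.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed mock, not libtommath's or Firebird's code: a bignum holding
 * 'used' digits in an array of 'alloc' digits that is grown on demand.   */
#define DIGIT_PREC 32               /* allocation granularity (assumed) */
#define MAX_DIGITS (INT_MAX / 4)    /* hard cap on digit count (assumed) */
typedef uint32_t digit_t;
typedef struct { int used, alloc; digit_t *dp; } bn_t;

/* Padded digit count as the unchecked pattern computes it, but in 64-bit so
 * the arithmetic stays defined; shows the value a plain int would overflow on. */
static int64_t padded_digits(int64_t size) {
    return size + (DIGIT_PREC * 2) - (size % DIGIT_PREC);
}

/* Hardened grow: reject the digit count before any padding or allocation.
 * Returns 0 on success, -1 on rejected input or allocation failure. */
static int bn_grow_checked(bn_t *a, int size) {
    if (size < 0 || size > MAX_DIGITS) return -1;  /* negative or oversized */
    if (a->alloc >= size) return 0;                /* already large enough */
    int64_t padded = padded_digits(size);
    if (padded > INT_MAX) return -1;               /* unreachable past the cap */
    digit_t *tmp = realloc(a->dp, (size_t)padded * sizeof *tmp);
    if (tmp == NULL) return -1;
    for (int i = a->alloc; i < (int)padded; i++) tmp[i] = 0;  /* zero new digits */
    a->dp = tmp;
    a->alloc = (int)padded;
    return 0;
}

/* Clone (the kind of function the PR patches): the guard is inherited via grow. */
static int bn_init_copy(bn_t *dst, const bn_t *src) {
    dst->used = 0; dst->alloc = 0; dst->dp = NULL;
    if (bn_grow_checked(dst, src->used) != 0) return -1;
    for (int i = 0; i < src->used; i++) dst->dp[i] = src->dp[i];
    dst->used = src->used;
    return 0;
}

/* Clone a constructed 100-digit value and report the resulting allocation. */
static int clone_demo(void) {
    bn_t src = {0, 0, NULL}, dst;
    if (bn_grow_checked(&src, 100) != 0) return -1;
    for (int i = 0; i < 100; i++) src.dp[i] = (digit_t)i;
    src.used = 100;
    int result = (bn_init_copy(&dst, &src) == 0) ? dst.alloc : -1;
    free(src.dp); free(dst.dp);
    return result;
}
```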

For v6, I suppose we may just update our libtom-imported sources. If this needs to be backported, the suggested patch is preferred -- although I doubt this is necessary given that our usage of the library is not affected by this CVE.

dyemanov avatar Oct 07 '25 06:10 dyemanov