Read Time:25 Second
Posted by Matthew Fernandez on Oct 16
I am not quite sure what point you’re making. CVE-2021-43618 is a
different issue; a programming error that results in a segfault. I.e.
even if an application using libgmp supplied their own allocator,¹ they
could still experience segfaults when dealing with malicious input.
The case you brought to FD (IIUC) is an input including large numbers
that causes libgmp to exhaust memory when dealing with them. In this
case, an application…