Category Archives: Advisories

APPLE-SA-2022-10-10-1 iOS 16.0.3

October 16, 2022

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Oct 16

APPLE-SA-2022-10-10-1 iOS 16.0.3

iOS 16.0.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213480.

Mail
Available for: iPhone 8 and later
Impact: Processing a maliciously crafted email message may lead to a
denial-of-service
Description: An input validation issue was addressed with improved
input validation.
CVE-2022-22658

This update is available through iTunes and…

Advisories

Re: over 2000 packages depend on abort()ing libgmp

October 16, 2022

Read Time:25 Second

Posted by Matthew Fernandez on Oct 16

I am not quite sure what point you’re making. CVE-2021-43618 is a
different issue; a programming error that results in a segfault. I.e.
even if an application using libgmp supplied their own allocator,¹ they
could still experience segfaults when dealing with malicious input.

The case you brought to FD (IIUC) is an input including large numbers
that causes libgmp to exhaust memory when dealing with them. In this
case, an application…

Advisories

Re: over 2000 packages depend on abort()ing libgmp

October 16, 2022

Read Time:23 Second

Posted by Georgi Guninski on Oct 16

Observe that ubuntu issue advisory about libgmp crash
without mentioning potential exploitability.

quote:
https://ubuntu.com/security/notices/USN-5672-1

Details
12 October 2022

It was discovered that GMP did not properly manage memory
on 32-bit platforms when processing a specially crafted
input. An attacker could possibly use this issue to cause
applications using GMP to crash, resulting in a denial of
service.

References
CVE-2021-43618

Advisories