Re: sagemath denial of service with abort() in gmp: overflow in mpz type

[Georgi Guninski <gguninski () gmail com>]

On Tue, Sep 6, 2022 at 7:17 PM Russ Allbery <eagle () eyrie org> wrote:
> I would only call it a DoS if it crosses a privilege boundary.  A user can
> always DoS themselves; that's just Ctrl-C.  :)
Observe that ubuntu issue advisory about libgmp crash
without mentioning potential exploitability.

quote:
https://ubuntu.com/security/notices/USN-5672-1

Details
12 October 2022

It was discovered that GMP did not properly manage memory
on 32-bit platforms when processing a specially crafted
input. An attacker could possibly use this issue to cause
applications using GMP to crash, resulting in a denial of
service.

References
CVE-2021-43618