Buffer overrun in GMP 5.0.3

Torbjorn Granlund tg at gmplib.org
Tue Jan 31 10:31:41 CET 2012


We have a buffer overrun in GMP 5.0.3, furthermore the functions
affected are mpz_powm_sec and mpn_powm_sec, i.e. GMP's modexp functions
specifically recommended for cryptographic applications.

Extra safe turned extra unsafe with this release.

We will make a new release before the end of this week.

Only GMP 5.0.3 is affected; earlier GMP releases did not have this bug.

We apologise for the problems this creates.

-- 
Torbjörn


More information about the gmp-announce mailing list