{"id":"CVE-2025-40913","details":"Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow.\n\nNet::Dropbear embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.","aliases":["CVE-2025-40914","GHSA-j3xv-6967-cv88"],"modified":"2026-03-20T12:43:17.563063Z","published":"2025-07-16T14:15:25.237Z","references":[{"type":"WEB","url":"https://www.cve.org/CVERecord?id=CVE-2023-36328"},{"type":"WEB","url":"https://metacpan.org/release/ATRODO/Net-Dropbear-0.16/source/dropbear/libtommath/bn_mp_grow.c"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-j3xv-6967-cv88"},{"type":"FIX","url":"https://github.com/libtom/libtommath/pull/546"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libtom/libtommath","events":[{"introduced":"0"},{"last_affected":"14161e843e7aee94c41370b0a731182e9618f796"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.16"}]}}],"versions":["0.01","0.02","0.03","0.04","0.05","0.06","0.07","0.08","0.09","0.10","0.11","0.12","0.13","0.14","0.15","0.16"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40913.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}]}