{"id":"USN-6402-2","summary":"libtommath vulnerability","details":"USN-6402-1 fixed vulnerabilities in LibTomMath. This update\nprovides the corresponding updates for Ubuntu 23.10.\n\nOriginal advisory details:\n\n It was discovered that LibTomMath incorrectly handled certain inputs.\n An attacker could possibly use this issue to execute arbitrary code\n and cause a denial of service (DoS).\n","modified":"2026-01-30T00:30:00.159123Z","published":"2023-11-27T15:59:49.295427Z","related":["CVE-2023-36328","UBUNTU-CVE-2023-36328"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6402-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-36328"}],"affected":[{"package":{"name":"libtommath","ecosystem":"Ubuntu:23.10","purl":"pkg:deb/ubuntu/libtommath@1.2.0-6ubuntu0.23.10.1?arch=source&distro=mantic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.0-6ubuntu0.23.10.1"}]}],"versions":["1.2.0-6build3"],"ecosystem_specific":{"binaries":[{"binary_version":"1.2.0-6ubuntu0.23.10.1","binary_name":"libtommath-dev"},{"binary_version":"1.2.0-6ubuntu0.23.10.1","binary_name":"libtommath-doc"},{"binary_version":"1.2.0-6ubuntu0.23.10.1","binary_name":"libtommath1"},{"binary_version":"1.2.0-6ubuntu0.23.10.1","binary_name":"libtommath1-dbgsym"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6402-2.json"}}],"schema_version":"1.7.3"}