CVE-2023-36328: 
NixOS vulnerability analysis and mitigation

CVE-2023-36328 is an Integer Overflow vulnerability discovered in the mp_grow function of libtom libtommath library. The vulnerability affects versions before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 and was fixed in version 1.2.1. This security issue was assigned a CVSS v3.1 base score of 9.8 (CRITICAL) (NVD).

The vulnerability is classified as an Integer Overflow or Wraparound (CWE-190) that occurs in the mp_grow function of the libtommath library. The issue allows attackers to potentially trigger integer overflow conditions when manipulating certain inputs. The severity is rated as Critical with a CVSS v3.1 Base Score of 9.8, indicating remote exploitability with no authentication required (NVD).

If successfully exploited, this vulnerability could allow attackers to execute arbitrary code and cause a denial of service (DoS) condition in affected systems (Debian LTS, NVD).

The vulnerability has been fixed in libtommath version 1.2.1 and commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9. Various distributions have released security updates: Debian 11 (Bullseye) users should upgrade to version 1.2.0-6+deb11u1, Fedora 37 to version 1.2.0-11.fc37, Fedora 38 to version 1.2.0-12.fc38, and Fedora 39 to version 1.2.0-13.fc39 (Debian LTS, Fedora Updates).