Description

Net::Dropbear versions through 0.16 for Perl contain a dependency that may be susceptible to an integer overflow. Net::Dropbear embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-16 | Updated 2025-07-16 | Assigner CPANSec

Problem types

CWE-1395 Dependency on Vulnerable Third-Party Component

Product status

Default status: unaffected

0.01 (custom): affected

References

www.cve.org/CVERecord?id=CVE-2023-36328

github.com/libtom/libtommath/pull/546

github.com/advisories/GHSA-j3xv-6967-cv88

metacpan.org/...0.16/source/dropbear/libtommath/bn_mp_grow.c

cve.org (CVE-2025-40913)

nvd.nist.gov (CVE-2025-40913)
