CVE-2025-40913
Description
Net::Dropbear versions through 0.16 for Perl contain a dependency that may be susceptible to an integer overflow.
Net::Dropbear embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Net::Dropbear up to 0.16 embeds a vulnerable libtommath with an integer overflow in mp_grow, potentially leading to code execution or DoS.
Vulnerability
Overview
Net::Dropbear, a Perl module for Dropbear SSH integration, embeds a copy of the libtommath library. Versions up to and including 0.16 ship with a version of libtommath that contains an integer overflow vulnerability in the mp_grow function, identified as CVE-2023-36328 [1][2]. This flaw occurs when the function attempts to resize an integer's internal storage, potentially leading to an undersized allocation.
Exploitation
An attacker could exploit this vulnerability by providing input that triggers a large integer operation, causing mp_grow to miscalculate the required memory size. The resulting heap buffer overflow may be leveraged to corrupt adjacent memory. The attack surface depends on how Net::Dropbear processes external data; if the module handles untrusted input (e.g., key material or network data), remote exploitation may be possible.
Impact
Successful exploitation could allow an attacker to execute arbitrary code or cause a denial of service (DoS) [1][2]. The vulnerability is rated Medium severity with a CVSS v3 score of 6.5, reflecting the potential for significant impact under certain conditions.
Mitigation
The vulnerable code resides in bn_mp_grow.c [3]. Users should update Net::Dropbear to a version that includes a patched libtommath, or apply the fix from the upstream libtommath repository [1]. No workaround is currently documented; upgrading is the recommended course of action.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
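To make the "undersized allocation" failure mode concrete, here is an added C example constructed for this page; it is not libtommath's or Net::Dropbear's code. The `bigint_t` struct, `DIGIT_PREC`, `MAX_DIGIT_COUNT` and the round-up formula are assumptions that model the pattern described above: an unchecked size computation that can exceed `int` range, beside a grow routine that rejects such requests before allocating.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint64_t digit_t;                          /* one limb of the big integer */
#define DIGIT_PREC 32                              /* allocation granularity in digits (assumed) */
#define MAX_DIGIT_COUNT (INT_MAX - 2 * DIGIT_PREC) /* cap chosen so rounding cannot exceed INT_MAX */

typedef struct { digit_t *dp; int used; int alloc; } bigint_t;

/* Unchecked rounding of a requested digit count up to the next allocation unit.
 * Evaluated in 64 bits so the out-of-range result is visible instead of being
 * undefined behaviour; a 32-bit int version of this arithmetic wraps (to a
 * negative value on two's-complement builds) for sizes near INT_MAX, so a later
 * "alloc < size" test passes trivially and the buffer is never actually grown. */
int64_t round_up_unchecked(int size) {
    int64_t s = size;
    return s + (DIGIT_PREC * 2) - (s % DIGIT_PREC);
}

/* Hardened grow: refuse digit counts above a fixed cap before any arithmetic,
 * so the rounded count always fits in int, and check the byte size as well. */
int grow_checked(bigint_t *a, int size) {
    if (size < 0 || size > MAX_DIGIT_COUNT) return -1;           /* would overflow: reject */
    int rounded = size + (DIGIT_PREC * 2) - (size % DIGIT_PREC);  /* <= INT_MAX by the cap */
    if (a->alloc >= rounded) return 0;                            /* already large enough */
    if ((size_t)rounded > SIZE_MAX / sizeof(digit_t)) return -1;  /* byte-count overflow */
    digit_t *tmp = realloc(a->dp, (size_t)rounded * sizeof(digit_t));
    if (tmp == NULL) return -1;                                   /* keep a->dp intact */
    memset(tmp + a->alloc, 0, (size_t)(rounded - a->alloc) * sizeof(digit_t));
    a->dp = tmp;
    a->alloc = rounded;
    return 0;
}

/* Helper for checking results: grow a fresh integer to `size` digits and
 * report the resulting allocation, or -1 if the request was rejected. */
int alloc_after_grow(int size) {
    bigint_t x = { NULL, 0, 0 };
    int rc = grow_checked(&x, size);
    int result = (rc == 0) ? x.alloc : -1;
    free(x.dp);
    return result;
}
```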
Affected products
Range: 0.01, 0.02, 0.03, …
Patches
17bbc1f8e4fe6
References