CVE-2025-40913 Information
Jul 17, 2025
cve
Description
Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow.
Net::Dropbear embeds a version of the libtommath library that is susceptible to an integer overflow associated with CVE-2023-36328.
Reference
https://github.com/advisories/GHSA-j3xv-6967-cv88 https://github.com/libtom/libtommath/pull/546 https://metacpan.org/release/ATRODO/Net-Dropbear-0.16/source/dropbear/libtommath/bn_mp_grow.c https://www.cve.org/CVERecord?id=CVE-2023-36328
Related CNNVD
CNNVD-202507-2231 (Published: 2025-07-16)
Share on: