CVE-2017-11185

Published: 18/08/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The gmp plugin in strongSwan prior to 5.6.0 allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.

Vulnerable Product

strongswan strongswan

Vendor Advisories

Debian Bug report logs - #872155 strongswan: CVE-2017-11185: Insufficient Input Validation in gmp Plugin. Package: src:strongswan; Maintainer for src:strongswan is strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 14 Aug 2017 17:12:02 UTC ...
strongSwan could be made to crash or hang if it received specially crafted network traffic ...
A denial of service vulnerability was identified in strongSwan, an IKE/IPsec suite, using Google's OSS-Fuzz fuzzing project. The gmp plugin in strongSwan had insufficient input validation when verifying RSA signatures. This coding error could lead to a null pointer dereference, leading to process crash. For the oldstable distribution (jessie), this ...
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature ...
Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures, which requires decryption with the operation m^e mod n, where m is the signature, and e and n are the exponent and modulus of the public key. The value m is an integer between 0 and n-1, however, the gmp plugin did not verify ...