Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2018-17540

Published: 03/10/2018 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Strongswan

Vulnerability Summary

The gmp plugin in strongSwan prior to 5.7.1 has a Buffer Overflow via a crafted certificate.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

strongswan strongswan

debian debian linux 8.0

debian debian linux 9.0

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

Vendor Advisories

Ubuntu Security Notice: strongswan vulnerability
strongSwan could be made to crash or run programs if it received specially crafted network traffic ...
Debian Security Advisories: DSA-4309-1 strongswan -- security update
Google's OSS-Fuzz revealed an exploitable bug in the gmp plugin caused by the patch that fixes CVE-2018-16151 and CVE-2018-16152 (DSA-4305-1) An attacker could trigger it using crafted certificates with RSA keys with very small moduli Verifying signatures with such keys would cause an integer underflow and subsequent heap buffer overflow resultin ...
Red Hat: CVE-2018-17540
The gmp plugin in strongSwan before 571 has a Buffer Overflow via a crafted certificate ...

References

CWE-119https://www.debian.org/security/2018/dsa-4309https://usn.ubuntu.com/3774-1/https://lists.debian.org/debian-lts-announce/2018/10/msg00001.htmlhttps://download.strongswan.org/security/CVE-2018-17540/https://security.gentoo.org/glsa/201811-16http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.htmlhttps://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-%28cve-2018-17540%29.htmlhttps://usn.ubuntu.com/3774-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validationCVE-2024-34413CVE-2024-34089CVE-2024-33408localSQLCVE-2024-0402CVE-2024-33910CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook