Published: 18/10/2021 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The gmp plugin in strongSwan prior to 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

Vulnerable Product	Search on Vulmon	Subscribe to Product
strongswan strongswan
debian debian linux 10.0
debian debian linux 11.0
fedoraproject fedora 33
fedoraproject fedora 34
fedoraproject fedora 35
siemens 6gk6108-4am00-2ba2_firmware -
siemens 6gk6108-4am00-2da2_firmware -
siemens 6gk5804-0ap00-2aa2_firmware -
siemens 6gk5812-1aa00-2aa2_firmware -
siemens 6gk5812-1ba00-2aa2_firmware -
siemens 6gk5816-1aa00-2aa2_firmware -
siemens 6gk5816-1ba00-2aa2_firmware -
siemens 6gk5826-2ab00-2ab2_firmware -
siemens 6gk5874-2aa00-2aa2_firmware -
siemens 6gk5874-3aa00-2aa2_firmware -
siemens 6gk5876-3aa02-2ba2_firmware -
siemens 6gk5876-3aa02-2ea2_firmware -
siemens 6gk5876-4aa00-2ba2_firmware -
siemens 6gk5876-4aa00-2da2_firmware -
siemens 6gk5856-2ea00-3da1_firmware -
siemens 6gk5856-2ea00-3aa1_firmware -
siemens 6gk5615-0aa00-2aa2_firmware -

Researchers at the United States of America National Security Agency (NSA) identified two denial of services vulnerability in strongSwan, an IKE/IPsec suite CVE-2021-41990 RSASSA-PSS signatures whose parameters define a very high salt length can trigger an integer overflow that can lead to a segmentation fault Generating a signature ...

The gmp plugin in strongSwan before 594 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator Remote code execution cannot occur ...

The LTS Candidate LTC-96 has been updated to 9604664180 (Platform Version: 142686700) for most ChromeOS devices Want to know more about Long-term Support? Click here This update includes the following Security fixes: CVE-2022-0096 Critical SUMMARY: AddressSanitizer: heap-use-after-free base/bind_internalh:535:12 in BindState CVE-2022-02 ...

CWE-190 https://github.com/strongswan/strongswan/releases/tag/5.9.4 https://www.debian.org/security/2021/dsa-4989 https://cert-portal.siemens.com/productcert/pdf/ssa-539476.pdf https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-%28cve-2021-41990%29.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FJSATD2R2XHTG4P63GCMQ2N7EWKMME5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQSQ3BEC22NF4NCDZVCT4P3Q2ZIAJXGJ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3TQ32JLJOBJDB2EJKSX2PBPB5NFG2D4/https://nvd.nist.gov https://www.debian.org/security/2021/dsa-4989

CVE-2021-41990

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect