The gmp plugin in strongSwan prior to 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.
| Vulnerable Product |
|---|
| strongswan strongswan |
| debian debian linux 10.0 |
| debian debian linux 11.0 |
| fedoraproject fedora 33 |
| fedoraproject fedora 34 |
| fedoraproject fedora 35 |
| siemens 6gk6108-4am00-2ba2_firmware - |
| siemens 6gk6108-4am00-2da2_firmware - |
| siemens 6gk5804-0ap00-2aa2_firmware - |
| siemens 6gk5812-1aa00-2aa2_firmware - |
| siemens 6gk5812-1ba00-2aa2_firmware - |
| siemens 6gk5816-1aa00-2aa2_firmware - |
| siemens 6gk5816-1ba00-2aa2_firmware - |
| siemens 6gk5826-2ab00-2ab2_firmware - |
| siemens 6gk5874-2aa00-2aa2_firmware - |
| siemens 6gk5874-3aa00-2aa2_firmware - |
| siemens 6gk5876-3aa02-2ba2_firmware - |
| siemens 6gk5876-3aa02-2ea2_firmware - |
| siemens 6gk5876-4aa00-2ba2_firmware - |
| siemens 6gk5876-4aa00-2da2_firmware - |
| siemens 6gk5856-2ea00-3da1_firmware - |
| siemens 6gk5856-2ea00-3aa1_firmware - |
| siemens 6gk5615-0aa00-2aa2_firmware - |