The in-memory certificate cache in strongSwan prior to 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
strongswan strongswan |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |
||
siemens sinema remote connect server - |
||
siemens siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware - |
||
siemens simatic_cp_1243-1_firmware - |
||
siemens simatic_cp_1242-7_gprs_v2_firmware - |
||
siemens simatic_net_cp_1243-8_irc_firmware - |
||
siemens scalance_sc632-2c_firmware - |
||
siemens siplus_et_200sp_cp_1543sp-1_isec_firmware - |
||
siemens cp_1543-1_firmware - |
||
siemens simatic_net_cp_1545-1_firmware - |
||
siemens simatic_cp_1543sp-1_firmware - |
||
siemens simatic_net_cp1243-7_lte_eu_firmware - |
||
siemens simatic_cp_1243-7_lte\\/us_firmware - |
||
siemens simatic_cp_1542sp-1_firmware - |
||
siemens scalance_sc636-2c_firmware - |
||
siemens simatic_cp_1542sp-1_irc_firmware - |
||
siemens scalance_sc642-2c_firmware - |
||
siemens scalance_sc646-2c_firmware |
||
siemens scalance_sc622-2c_firmware - |
||
siemens siplus_s7-1200_cp_1243-1_rail_firmware - |
||
siemens siplus_s7-1200_cp_1243-1_firmware - |
||
siemens siplus_net_cp_1543-1_firmware - |
||
siemens siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware - |
Vulmon