[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-3962-1 strongswan -- strongswan

ID: oval:org.secpod.oval:def:603086Date: (C)2017-09-05   (M)2023-12-20
Class: PATCHFamily: unix




A denial of service vulnerability was identified in strongSwan, an IKE/IPsec suite, using Google"s OSS-Fuzz fuzzing project. The gmp plugin in strongSwan had insufficient input validation when verifying RSA signatures. This coding error could lead to a null pointer dereference, leading to process crash.

Platform:
Debian 8.x
Debian 9.x
Product:
strongswan
libcharon-extra-plugins
libstrongswan
charon-systemd
charon-cmd
strongswan-ike
strongswan-ikev1
strongswan-ikev2
strongswan-nm
Reference:
DSA-3962-1
CVE-2017-11185
CVE    1
CVE-2017-11185
CPE    8
cpe:/a:strongswan:strongswan-ikev2
cpe:/a:strongswan:strongswan-ike
cpe:/a:strongswan:strongswan-ikev1
cpe:/a:strongswan:strongswan-nm
...

© SecPod Technologies