DSA-3962-1 strongswan -- strongswanID: oval:org.secpod.oval:def:603086 | Date: (C)2017-09-05 (M)2023-12-20 |
Class: PATCH | Family: unix |
A denial of service vulnerability was identified in strongSwan, an IKE/IPsec suite, using Google"s OSS-Fuzz fuzzing project. The gmp plugin in strongSwan had insufficient input validation when verifying RSA signatures. This coding error could lead to a null pointer dereference, leading to process crash.
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
strongswan |
libcharon-extra-plugins |
libstrongswan |
charon-systemd |
charon-cmd |
strongswan-ike |
strongswan-ikev1 |
strongswan-ikev2 |
strongswan-nm |