OVAL

DSA-4305-1 strongswan -- strongswan

ID: oval:org.secpod.oval:def:53428
Date: (C)2019-03-26   (M)2023-12-20
Class: PATCH
Family: unix




Sze Yiu Chau and his team from Purdue University and The University of Iowa found several issues in the gmp plugin for strongSwan, an IKE/IPsec suite. Problems in the parsing and verification of RSA signatures could lead to a Bleichenbacher-style low-exponent signature forgery in certificates and during IKE authentication.

While the gmp plugin doesn't allow arbitrary data after the ASN.1 structure, the ASN.1 parser is not strict enough and allows data in specific fields inside the ASN.1 structure. Only installations using the gmp plugin are affected, and only when using keys and certificates using keys with an exponent e = 3, which is usually rare in practice.

CVE-2018-16151: The OID parser in the ASN.1 code in gmp allows any number of random bytes after a valid OID.

CVE-2018-16152: The algorithmIdentifier parser in the ASN.1 code in gmp doesn't enforce a NULL value for the optional parameter which is not used with any PKCS#1 algorithm.

Platform:
Linux Mint 3
Product:
strongswan
Reference:
DSA-4305-1
CVE-2018-16151
CVE-2018-16152
CVE: 2
CVE-2018-16152
CVE-2018-16151
CPE: 75
cpe:/a:strongswan:strongswan:4.1.8
cpe:/a:strongswan:strongswan:4.3.6
cpe:/a:strongswan:strongswan:4.1.7
cpe:/a:strongswan:strongswan:4.3.5
...

© SecPod Technologies