[3.4] strongswan: Multiple vulnerabilities (CVE-2017-9022, CVE-2017-9023)ID: oval:org.secpod.oval:def:1800749 | Date: (C)2018-03-29 (M)2023-11-10 |
Class: PATCH | Family: unix |
CVE-2017-9022: Insufficient validation of RSA public keys passed to the gmp plugin. RSA public keys passed to the gmp plugin aren"t validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack. Affected versions: All versions since 4.4.0, up to and including 5.5.2. Fixed In Version: strongswan 5.5.3
Platform: |
Alpine Linux 3.4 |