[3.6] strongswan: Multiple vulnerabilities (CVE-2017-9022, CVE-2017-9023)ID: oval:org.secpod.oval:def:1800890 | Date: (C)2018-03-28 (M)2023-11-10 |
Class: PATCH | Family: unix |
CVE-2017-9022: Insufficient validation of RSA public keys passed to the gmp plugin; RSA public keys passed to the gmp plugin aren"t validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack. Affected versions: All versions since 4.4.0, up to and including 5.5.2. Fixed In Version: strongswan 5.5.3
Platform: |
Alpine Linux 3.6 |