Project

General

Profile

Bug #7346

strongswan: Multiple vulnerabilities (CVE-2017-9022, CVE-2017-9023)

Added by Alicha CH almost 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Security
Target version:
-
Start date:
05/31/2017
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:

Description

CVE-2017-9022: Insufficient validation of RSA public keys passed to the gmp plugin

RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point
exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack.

Affected versions:

All versions since 4.4.0, up to and including 5.5.2.

Fixed In Version:

strongswan 5.5.3

References:

https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html

Patches:

https://download.strongswan.org/security/CVE-2017-9022/

CVE-2017-9023: Incorrect Handling of CHOICE types in ASN.1 parser and x509 plugin

ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when parsing X.509 certificates with extensions that use such types.
This could lead to infinite looping of the thread parsing a specifically crafted certificate.

Affected versions:

All strongSwan versions up to and including 5.5.2

Fixed In Version:

strongswan 5.5.3

References:

https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html

Patches:

https://download.strongswan.org/security/CVE-2017-9023/


Subtasks

Bug #7347: [3.6] strongswan: Multiple vulnerabilities (CVE-2017-9022, CVE-2017-9023)ClosedNatanael Copa

Bug #7348: [3.5] strongswan: Multiple vulnerabilities (CVE-2017-9022, CVE-2017-9023)ClosedNatanael Copa

Bug #7349: [3.4] strongswan: Multiple vulnerabilities (CVE-2017-9022, CVE-2017-9023)ClosedNatanael Copa

Bug #7350: [3.3] strongswan: Multiple vulnerabilities (CVE-2017-9022, CVE-2017-9023)ClosedNatanael Copa

History

#1 Updated by Leonardo Arena almost 2 years ago

  • Status changed from New to Resolved

#2 Updated by Alicha CH almost 2 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF