PT-2021-23465 · Unknown+4 · Strongswan+4

Published

2021-10-18

Updated

2024-06-15

CVE-2021-41990

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions strongSwan versions prior to 5.9.4

Description The issue is related to a remote integer overflow in the gmp plugin via a crafted certificate with an RSASSA-PSS signature. This can be triggered by an unrelated self-signed CA certificate sent by an initiator. It is noted that remote code execution cannot occur.

Recommendations For versions prior to 5.9.4, update to version 5.9.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the gmp plugin until a patch is available.

Fix

RCE

DoS

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2021-3101

ALT-PU-2022-2456

ALT-PU-2024-7917

AZL-6896

CVE-2021-41990

DSA-4989-1

OESA-2021-1408

OPENSUSE-SU-2021:1399-1

OPENSUSE-SU-2021:3467-1

OPENSUSE-SU-2021_1399-1

OPENSUSE-SU-2021_3467-1

OPENSUSE-SU-2024:11655-1

ROSA-SA-2023-2274

SUSE-SU-2021:3467-1

SUSE-SU-2021:3469-1

USN-5111-1

Affected Products

Alt Linux

Linuxmint

Suse

Ubuntu

Strongswan

PT-2021-23465 · Unknown+4 · Strongswan+4

CVE-2021-41990

Weakness Enumeration

Related Identifiers

Affected Products

References · 41