CVE-2017-11185
Published: 18 August 2017
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.
Notes
| Author | Note |
|---|---|
| sdeziel | Remote code execution is not possible. |
Priority
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
strongswan Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
| trusty |
Released
(5.1.2-0ubuntu2.7)
|
|
| upstream |
Released
(5.6.0)
|
|
| xenial |
Released
(5.3.5-1ubuntu3.4)
|
|
| zesty |
Released
(5.5.1-1ubuntu3.2)
|
|
|
Patches: upstream: https://wiki.strongswan.org/projects/strongswan/repository/revisions/ef5c37fcdf47273feea320091598135688df4ef7 upstream: https://download.strongswan.org/security/CVE-2017-11185/strongswan-4.4.0-5.5.3_gmp_mpz_export.patch |
||