Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2017-11185

Published: 18 August 2017

The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.

Notes

AuthorNote
sdeziel
Remote code execution is not possible.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
strongswan
Launchpad, Ubuntu, Debian
upstream
Released (5.6.0)
precise Does not exist

trusty
Released (5.1.2-0ubuntu2.7)
xenial
Released (5.3.5-1ubuntu3.4)
zesty
Released (5.5.1-1ubuntu3.2)
Patches:
upstream: https://wiki.strongswan.org/projects/strongswan/repository/revisions/ef5c37fcdf47273feea320091598135688df4ef7
upstream: https://download.strongswan.org/security/CVE-2017-11185/strongswan-4.4.0-5.5.3_gmp_mpz_export.patch