Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2017-9022

Published: 30 May 2017

The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
strongswan
Launchpad, Ubuntu, Debian
upstream Needs triage

precise Does not exist

trusty
Released (5.1.2-0ubuntu2.6)
xenial
Released (5.3.5-1ubuntu3.3)
yakkety
Released (5.3.5-1ubuntu4.3)
zesty
Released (5.5.1-1ubuntu3.1)