Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2017-9023

Published: 30 May 2017

The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
strongswan
Launchpad, Ubuntu, Debian
precise Does not exist

trusty
Released (5.1.2-0ubuntu2.6)
upstream Needs triage

xenial
Released (5.3.5-1ubuntu3.3)
yakkety
Released (5.3.5-1ubuntu4.3)
zesty
Released (5.5.1-1ubuntu3.1)