Remote Integer Overflow in StrongSwan's GMP Plugin
CVE-2021-41990

7.5HIGH

Key Information:

Vendor

Strongswan

Status
Strongswan
Vendor
CVE Published:
18 October 2021

What is CVE-2021-41990?

The GMP plugin in StrongSwan, prior to version 5.9.4, is susceptible to a remote integer overflow vulnerability. This issue arises when a crafted certificate bearing an RSASSA-PSS signature is processed. In particular, it can be exploited via an unrelated self-signed CA certificate issued by an initiator. It is important to note that this vulnerability does not lead to remote code execution.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/strongswan/strongswan/releases/tag/5.9.4
x_refsource_MISC
https://www.strongswan.org/blog/2021/10/18/strongswan-vul...
x_refsource_CONFIRM
https://www.debian.org/security/2021/dsa-4989
vendor-advisoryx_refsource_DEBIAN

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.