Wind River Support Network

HomeDefectsLIN6-13070
Fixed

LIN6-13070 : Security Advisory - strongswan - CVE-2017-9022

Created: Jun 4, 2017    Updated: Dec 3, 2018
Resolved Date: Jun 19, 2017
Found In Version: 6.0
Fix Version: 6.0.0.34
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace

Description

It was found that RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack.

https://nvd.nist.gov/vuln/detail/CVE-2017-9022 

Other Downloads


Live chat
Online