Wind River Support Network

HomeDefectsLIN8-6808
Fixed

LIN8-6808 : Security Advisory - strongswan - CVE-2017-9022

Created: Jun 4, 2017    Updated: Dec 3, 2018
Resolved Date: Jun 6, 2017
Found In Version: 8.0
Fix Version: 8.0.0.19
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

It was found that RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack.

https://nvd.nist.gov/vuln/detail/CVE-2017-9022 

Other Downloads


CVEs


Live chat
Online