Wind River Support Network

HomeDefectsLIN9-4340
Fixed

LIN9-4340 : Security Advisory - strongswan - CVE-2017-9022

Created: Jun 4, 2017    Updated: May 29, 2018
Resolved Date: Aug 10, 2017
Found In Version: unknown
Fix Version: 9.0.0.8
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

It was found that RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack.

https://nvd.nist.gov/vuln/detail/CVE-2017-9022 

CVEs


Live chat
Online