Wind River Support Network

HomeDefectsLIN5-23148
Fixed

LIN5-23148 : Security Advisory - strongswan - CVE-2017-9022

Created: Jun 4, 2017    Updated: May 29, 2018
Resolved Date: Jul 20, 2017
Found In Version: 5.0.1.39
Fix Version: 5.0.1.41
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

It was found that RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack.

https://nvd.nist.gov/vuln/detail/CVE-2017-9022 

Other Downloads


Live chat
Online