Wind River Support Network


LIN6-13070 : Security Advisory - strongswan - CVE-2017-9022

Created: Jun 4, 2017    Updated: Dec 3, 2018
Resolved Date: Jun 19, 2017
Found In Version: 6.0
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace


It was found that RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack. 

Other Downloads

Live chat