[3.4] strongswan: Insufficient Input Validation in gmp Plugin (CVE-2017-11185)
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to
cause a
denial of service (NULL pointer dereference and daemon crash) via a
crafted RSA signature.
Fixed In Version:
strongswan 5.6.0
References:
https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html
https://nvd.nist.gov/vuln/detail/CVE-2017-11185
Patch:
(from redmine: issue id 7905, created on 2017-09-25, closed on 2017-10-24)
- Relations:
- parent #7902 (closed)
- Changesets:
- Revision a38ad2c5 on 2017-10-23T14:43:44Z:
main/strongswan: security fix (CVE-2017-11185)
fixes #7905