[3.5] strongswan: heap buffer overflow using crafted certificates (CVE-2018-17540)
The gmp plugin in strongSwan before 5.7.1 has a Buffer Overflow via a
crafted certificate,
the vulnerability was introduced with the patch that fixes
CVE-2018-16151/2.
References:
https://www.strongswan.org/blog/2018/10/01/strongswan-vulnerability-(cve-2018-17540).html
https://nvd.nist.gov/vuln/detail/CVE-2018-17540
(from redmine: issue id 9519, created on 2018-10-08, closed on 2018-10-09)
- Relations:
- parent #9515 (closed)
- Changesets:
- Revision d01a6eb2 on 2018-10-08T13:33:28Z:
main/strongswan: security fixes
CVE-2018-16151, CVE-2018-16152, CVE-2018-17540
Fixes #9519