CVE-2017-11185 — NULL Pointer Dereference in Strongswan

CWE-476 — NULL Pointer Dereference9 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 27.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Strongswan Debian Strongswan

Timeline

PublishedAug 18

Latest updateMay 14

Description

The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/strongswan< strongswan 5.6.0-1 (bookworm)

▶Debianstrongswan/strongswan< 5.6.0-1+3

▶NVDstrongswan/strongswan5.5.3

🔴Vulnerability Details

GHSA

GHSA-6hcq-7fxg-hvvv: The gmp plugin in strongSwan before 5↗2022-05-14

▶

OSV

CVE-2017-11185: The gmp plugin in strongSwan before 5↗2017-08-18

▶

📋Vendor Advisories

Ubuntu

strongSwan vulnerability↗2017-08-21

▶

Red Hat

strongswan: Insufficient Input Validation in gmp Plugin↗2017-08-14

▶

Debian

CVE-2017-11185: strongswan - The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a den...↗2017

▶

💬Community

Bugzilla

CVE-2017-11185 strongswan: Insufficient Input Validation in gmp Plugin [epel-all]↗2017-08-22

▶

Bugzilla

CVE-2017-11185 strongswan: Insufficient Input Validation in gmp Plugin [fedora-all]↗2017-08-22

▶

Bugzilla

CVE-2017-11185 strongswan: Insufficient Input Validation in gmp Plugin↗2017-08-22

▶