CVE-2021-41991 — Integer Overflow or Wraparound in Strongswan

CWE-190 — Integer Overflow or Wraparound CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents8 sources

Severity

7.5HIGHNVD

EPSS

2.5%

top 14.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Strongswan Siemens Scalance Sc646-2c Firmware Debian Linux +1 more

Timeline

PublishedOct 18

Latest updateMay 24

Description

The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of cache entries. The code attempts to select a less-often-used cache entry by means of a random number generator, but this is not done correctly. Remote code execution might be a slight possibility.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDstrongswan/strongswan4.2.10 — 5.9.4

▶Debianstrongswan/strongswan< 5.9.1-1+deb11u1+3

▶Ubuntustrongswan/strongswan< 5.6.2-1ubuntu2.7+3

▶NVDsiemens/scalance_sc646-2c_firmware< 2.3

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 33, 34, 35

Patches

Patch: cert-portal.siemens.com ↗Patch: cert-portal.siemens.com ↗

🔴Vulnerability Details

GHSA

GHSA-jpr7-w98h-cvgm: The in-memory certificate cache in strongSwan before 5↗2022-05-24

▶

OSV

strongswan vulnerability↗2021-10-19

▶

OSV

strongswan vulnerabilities↗2021-10-19

▶

CVEList

CVE-2021-41991: The in-memory certificate cache in strongSwan before 5↗2021-10-18

▶

OSV

CVE-2021-41991: The in-memory certificate cache in strongSwan before 5↗2021-10-18

▶

📋Vendor Advisories

Ubuntu

strongSwan vulnerabilities↗2021-10-19

▶

Ubuntu

strongSwan vulnerability↗2021-10-19

▶

Red Hat

strongswan: integer overflow when replacing certificates in cache↗2021-10-18

▶

Microsoft

▶

Debian

CVE-2021-41991: strongswan - The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer ...↗2021

▶