CVE-2017-11185 log

Severity Low
Remote Yes
Type Denial of service
Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures, which requires decryption with the operation m^e mod n, where m is the signature, and e and n are the exponent and modulus of the public key. The value m is an integer between 0 and n-1, however, the gmp plugin did not verify this. So if m equals n the calculation results in 0, in which case mpz_export() returns NULL. This result wasn't handled properly causing a null-pointer dereference.
Group Package Affected Fixed Severity Status Ticket
AVG-382 strongswan 5.5.3-3 5.5.3-4 Low Fixed
Date Advisory Group Package Severity Type
14 Aug 2017 ASA-201708-13 AVG-382 strongswan Low denial of service