| CVE-2022-40617 |
AVG-2814 |
Unknown |
Unknown |
Unknown |
Unknown |
| CVE-2021-41991 |
AVG-2473 |
Medium |
Yes |
Arbitrary code execution |
The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill... |
| CVE-2021-41990 |
AVG-2473 |
Medium |
Yes |
Denial of service |
The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be... |
| CVE-2018-16152 |
AVG-769 |
High |
Yes |
Authentication bypass |
The algorithmIdentifier structure on a PKCS#1.5 signature contains an optional parameters field. While none of the algorithms used with PKCS#1 use... |
| CVE-2018-16151 |
AVG-769 |
High |
Yes |
Authentication bypass |
The OID parser allows any number of random bytes after a valid OID for a PKCS#1.5 signature. The asn1_known_oid() function just parses until it finds a leaf... |
| CVE-2018-6459 |
AVG-625 |
Medium |
Yes |
Denial of service |
The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c before strongSwan 5.6.2 allows remote attackers to cause a denial of... |
| CVE-2018-5388 |
AVG-710 |
Low |
No |
Denial of service |
strongSwan VPN's charon server prior to version 5.6.3 is missing a packet length check in stroke_socket.c, allowing a buffer overflow which may lead to... |
| CVE-2017-11185 |
AVG-382 |
Low |
Yes |
Denial of service |
Fixed a DoS vulnerability in the gmp plugin that was caused by insufficient input validation when verifying RSA signatures, which requires decryption with... |