1635877 – (CVE-2018-17540) CVE-2018-17540 strongswan: heap buffer overflow using crafted certificates

Bug 1635877 (CVE-2018-17540) - CVE-2018-17540 strongswan: heap buffer overflow using crafted certificates

Summary: CVE-2018-17540 strongswan: heap buffer overflow using crafted certificates

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2018-17540
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1635878 1635879
Blocks:	1635880
TreeView+	depends on / blocked

Reported:	2018-10-03 20:09 UTC by Laura Pardo
Modified:	2019-09-29 14:59 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2018-11-12 06:51:43 UTC
Embargoed:

Attachments	(Terms of Use)

Description Laura Pardo 2018-10-03 20:09:24 UTC

A flaw was found in Strongswan caused by the patch that fixes CVE-2018-16151 and CVE-2018-16151 (DSA-4305-1). An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer underflow and subsequent heap buffer overflow resulting in a crash of the daemon.


References:
https://packetstormsecurity.com/files/149640/dsa-4309-1.txt

Comment 1 Laura Pardo 2018-10-03 20:10:01 UTC

Created strongswan tracking bugs for this issue:

Affects: epel-all [bug 1635878]
Affects: fedora-all [bug 1635879]

Comment 2 Huzaifa S. Sidhpurwala 2018-11-12 06:50:00 UTC

This is a flaw, which is caused by the patch applied to fix CVE-2018-16151 in the gmp plugin. Strongswan in Red Hat Enterprise Linux 7 does not enable the gmp plugin.

Note You need to log in before you can comment on or make changes to this bug.