It was found that RSA public keys passed to the gmp plugin aren't validated sufficiently before attempting signature verification, so that invalid input might lead to a floating point exception and a crash of the process. A certificate with an appropriately prepared public key sent by a peer could be used for a denial-of-service attack.
Created strongswan tracking bugs for this issue:
Affects: epel-all [bug 1457123]
Affects: fedora-all [bug 1457124]
This issue did not affect the versions of strongimcv as shipped with Red Hat Enterprise Linux 7, as they did not include support for the gmp plugin.