Bug 1635877 (CVE-2018-17540) - CVE-2018-17540 strongswan: heap buffer overflow using crafted certificates
Summary: CVE-2018-17540 strongswan: heap buffer overflow using crafted certificates
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-17540
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1635878 1635879
Blocks: 1635880
TreeView+ depends on / blocked
 
Reported: 2018-10-03 20:09 UTC by Laura Pardo
Modified: 2019-09-29 14:59 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-11-12 06:51:43 UTC
Embargoed:


Attachments (Terms of Use)

Description Laura Pardo 2018-10-03 20:09:24 UTC
A flaw was found in Strongswan caused by the patch that fixes CVE-2018-16151 and CVE-2018-16151 (DSA-4305-1). An attacker could trigger it using crafted certificates with RSA keys with very small moduli. Verifying signatures with such keys would cause an integer underflow and subsequent heap buffer overflow resulting in a crash of the daemon.


References:
https://packetstormsecurity.com/files/149640/dsa-4309-1.txt

Comment 1 Laura Pardo 2018-10-03 20:10:01 UTC
Created strongswan tracking bugs for this issue:

Affects: epel-all [bug 1635878]
Affects: fedora-all [bug 1635879]

Comment 2 Huzaifa S. Sidhpurwala 2018-11-12 06:50:00 UTC
This is a flaw, which is caused by the patch applied to fix CVE-2018-16151 in the gmp plugin. Strongswan in Red Hat Enterprise Linux 7 does not enable the gmp plugin.


Note You need to log in before you can comment on or make changes to this bug.