The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.
Created strongswan tracking bugs for this issue:
Affects: epel-all [bug 2015612]
Affects: fedora-all [bug 2015611]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):