CVE-2017-11185

HIGH

strongSwan < 5.5.3 - Denial of Service via RSA Signature in GMP Plugin

Title source: llm

Description

The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100492
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3962

Scores

CVSS v3 7.5
EPSS 0.0283
EPSS Percentile 84.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-476
Status published
Products (1)
strongswan/strongswan < 5.5.3
Published Aug 18, 2017
Tracked Since Feb 18, 2026