VYPR
High severity7.5OSV Advisory· Published Sep 26, 2018· Updated Jun 17, 2026

CVE-2018-15836

CVE-2018-15836

Description

In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used. IKEv2 signature verification is affected when RAW RSA keys are used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Xelerance/OpenswanOSV2 versions
    v2.5.01, v2.5.03, v2.6.01, …+ 1 more
    • (no CPE)range: v2.5.01, v2.5.03, v2.6.01, …
    • (no CPE)range: <2.6.50.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.