CVE-2018-16151
Description
A flaw in strongSwan's GMP plugin allows RSA signature forgery with low-exponent keys, enabling impersonation in IKEv2 authentication.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the verify_emsa_pkcs1_signature() function in gmp_rsa_public_key.c of the gmp plugin in strongSwan versions 4.x and 5.x prior to 5.7.0. The implementation fails to reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification, similar to a related flaw concerning digestAlgorithm.parameters. This affects all strongSwan installations where the gmp plugin is enabled and low-exponent RSA keys (e.g., e=3) are in use [1].
Exploitation
An attacker requires only a low public exponent (e=3) RSA key and the ability to present a crafted signature during IKEv2 authentication. By exploiting the lenient ASN.1 parsing that permits extra data after the OID, the attacker can forge a valid PKCS#1 v1.5 signature without needing any prior authentication or special network access [1].
Impact
Successful exploitation allows a remote attacker to forge RSA signatures, leading to impersonation of a legitimate peer when only RSA signature authentication is used for IKEv2. This can result in unauthorized access or man-in-the-middle attacks, compromising the confidentiality and integrity of IPsec connections [1][2].
Mitigation
The vulnerability is fixed in strongSwan version 5.7.0 and later. Users should upgrade to at least 5.7.0; Gentoo recommends upgrading to version 5.7.1 or later [1][2]. No workaround is available if the gmp plugin is enabled and low-exponent keys are in use.
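As an added illustration (not strongSwan's code), the two checks below operate on the encoded message recovered from an RSA signature: a lenient parser modelled on the defect described above, which jumps past whatever follows the OID inside AlgorithmIdentifier, and the strict comparison against the single valid PKCS#1 v1.5 encoding that the fixed verifier should perform. Function names are mine, the SHA-256 DER constants are the standard ones, and the malformed encoding is constructed directly for the demonstration rather than produced by any forgery.

```python
import hashlib
import hmac

# DER constants for SHA-256 (standard values, not taken from the advisory)
SHA256_OID = bytes.fromhex("0609608648016503040201")  # OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1
NULL_PARAMS = b"\x05\x00"                             # digestAlgorithm.parameters = NULL
EM_LEN = 256                                          # encoded-message length for a 2048-bit modulus

def der_seq(content):
    """DER SEQUENCE with a short-form length (content shorter than 128 bytes)."""
    if len(content) >= 128:
        raise ValueError("short-form length only")
    return b"\x30" + bytes([len(content)]) + content

def emsa_pkcs1_v15(msg, alg_id_content=SHA256_OID + NULL_PARAMS):
    """EM = 00 01 || PS (0xff bytes) || 00 || DigestInfo.  alg_id_content is a
    parameter only so a malformed AlgorithmIdentifier can be constructed for the demo."""
    digest_info = der_seq(der_seq(alg_id_content) + b"\x04\x20" + hashlib.sha256(msg).digest())
    ps = b"\xff" * (EM_LEN - len(digest_info) - 3)
    return b"\x00\x01" + ps + b"\x00" + digest_info

def verify_lenient(em, msg):
    """Model of the pre-5.7.0 check: walks DigestInfo field by field and, once the
    OID matches, jumps to the end of AlgorithmIdentifier without inspecting the
    remaining bytes, so excess data after the OID is silently accepted."""
    if len(em) != EM_LEN or em[:2] != b"\x00\x01":
        return False
    sep = em.find(b"\x00", 2)
    if sep < 10 or any(b != 0xFF for b in em[2:sep]):     # PS must be >= 8 bytes of 0xff
        return False
    p = sep + 1
    if em[p] != 0x30:                                      # DigestInfo SEQUENCE
        return False
    p += 2
    if em[p] != 0x30:                                      # AlgorithmIdentifier SEQUENCE
        return False
    alg_end = p + 2 + em[p + 1]
    if em[p + 2:p + 2 + len(SHA256_OID)] != SHA256_OID:
        return False
    p = alg_end                                            # bytes after the OID are never checked
    if em[p:p + 2] != b"\x04\x20":                         # OCTET STRING holding the 32-byte hash
        return False
    return hmac.compare_digest(em[p + 2:p + 34], hashlib.sha256(msg).digest())

def verify_strict(em, msg):
    """Fixed approach: rebuild the single valid encoding and compare the whole EM."""
    return hmac.compare_digest(em, emsa_pkcs1_v15(msg))
```

Calling `emsa_pkcs1_v15(msg, SHA256_OID + b"\xaa" * 16)` yields an encoding with 16 excess bytes after the OID that `verify_lenient` accepts and `verify_strict` rejects; comparing the full expected encoding, rather than parsing the candidate, leaves no slack for such bytes.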
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <5.7.0
- OSV coordinates (23 versions, no CPE assigned):
  - pkg:rpm/opensuse/strongswan (openSUSE Leap 15.0): < 5.6.0-lp150.3.3.1
  - pkg:rpm/opensuse/strongswan (openSUSE Leap 15.1): < 5.6.0-lp151.4.3.1
  - pkg:rpm/suse/strongswan (SUSE Enterprise Storage 5): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Desktop 12 SP4): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Module for Basesystem 15): < 5.6.0-4.3.2
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Module for Basesystem 15 SP1): < 5.6.0-4.3.2
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Module for Package Hub 15): < 5.6.0-4.3.2
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Point of Sale 11 SP3): < 4.4.0-6.36.12.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Server 11 SP4-LTSS): < 4.4.0-6.36.12.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Server 12 SP1-LTSS): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Server 12 SP2-BCL): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Server 12 SP2-LTSS): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Server 12 SP3-BCL): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Server 12 SP3-LTSS): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Server 12 SP4): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Server 12 SP5): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Server for SAP Applications 12 SP1): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Server for SAP Applications 12 SP2): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Server for SAP Applications 12 SP3): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Server for SAP Applications 12 SP4): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE Linux Enterprise Server for SAP Applications 12 SP5): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE OpenStack Cloud 7): < 5.1.3-26.13.1
  - pkg:rpm/suse/strongswan (SUSE OpenStack Cloud 8): < 5.1.3-26.13.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- lists.opensuse.org/opensuse-security-announce/2019-11/msg00077.html (MITRE, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2019-12/msg00001.html (MITRE, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html (MITRE, vendor-advisory, x_refsource_SUSE)
- security.gentoo.org/glsa/201811-16 (MITRE, vendor-advisory, x_refsource_GENTOO)
- usn.ubuntu.com/3771-1/ (MITRE, vendor-advisory, x_refsource_UBUNTU)
- www.debian.org/security/2018/dsa-4305 (MITRE, vendor-advisory, x_refsource_DEBIAN)
- lists.debian.org/debian-lts-announce/2018/09/msg00032.html (MITRE, mailing-list, x_refsource_MLIST)
- www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-%28cve-2018-16151%2C-cve-2018-16152%29.html (MITRE, x_refsource_CONFIRM)
News mentions
No linked articles in our index yet.